ENISA Threat Landscape for Supply Chain Attacks

Download or read book ENISA Threat Landscape for Supply Chain Attacks written by Ifigeneia Lella and published by . This book was released on 2021 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt: Supply chain attacks have been a security concern for many years, but the community seems to have been facing a greater number of more organized attacks since early 2020. It may be that, due to the more robust security protection that organizations have put in place, attackers successfully shifted towards suppliers. They managed to have significant impacts in terms of the downtime of systems, monetary losses and reputational damages, to name but a few. The importance of supply chains is attributed to the fact that successful attacks may impact a large amount number of customers who make use of the affected supplier. Therefore, the cascading effects from a single attack may have a widely propagated impact. This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021. Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020 and this trend is continuing in 2021, posing an increasing risk for organizations. It is estimated that there will be four times more supply chain attacks in 2021 than in 2020. With half of the attacks being attributed to Advanced Persistence Threat (APT) actors, their complexity and resources greatly exceed the more common non-targeted attacks, and, therefore, there is an increasing need for new protective methods that incorporate suppliers in order to guarantee that organizations remain secure. This report presents the Agency's Threat Landscape concerning supply chain attacks, produced with the support of the Ad-Hoc Working Group on Cyber Threat Landscapes.