US warns of supply chain cyber-attacks

The US intelligence community has issued a new warning about cyber-espionage risks posed by attacks made via the technology supply chain. "Software supply chain infiltration is one of the key threats that corporations need to pay attention to, particularly how software vulnerabilities are exploited," William Evanina, the NCSC's director and the US's top counter-intelligence official, told the BBC. "To get around increasingly hardened corporate perimeters, cyber-actors are targeting supply chains." The use of accountancy software to target Ukraine in the so-called NotPetya attack is another example of where a software supply chain was compromised. Supply chain attacks have the potential to hit many different machines through one single compromise and can be harder to detect than traditional malware attacks. Two-thirds of the organisations that responded said they had experienced a software supply chain attack in the past 12 months.

Read the full story

 Related companies

Make a complaint about National by viewing their customer service contacts.

•