VV
Uploaded byvikram vashisth
PDF, PPTX907 views

Supply chain-attack

Supply chain attacks target software developers and suppliers by infecting legitimate applications to distribute malware. Attackers can compromise developer Git accounts to inject malware into repositories that get delivered to clients. They can also introduce vulnerable modules that aren't properly tested. This can lead to financial and personal data theft for customers of affected e-commerce sites, and legal issues for site owners and software vendors due to data breaches and loss of trust. Detecting malware involves scanning modules, servers, and developer systems using tools like YARA, LMD, and SYNK at various stages of the software development and delivery process.

Embed presentation

Download as PDF, PPTX
Supply chain Attack By - Vikram Vashisth
Topics To be discussed ● About ● Detecting threat ● Remediation ● Conclusions
Supply chain attack: Supply chain attack are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
News bytes
Use case1 : • Delivery of modules containing malware, activate on client server source : 1) Using third party malicious modules/libraries without verification of code 2) Developer's Git account compromise leads to malware injection in the repositiory which are delivered as a product to client's website and impact end users.
Use case2 : • Delivery of vulnerable modules, exploited on client server source : Not following secure development practices In this case the vulnerability generated because of not following security best practices in software development, which can be exploited on websites using vulnerable modules and directly impact end users of websites.
Impact: Stage1 : E-commerce website customer Purchasing items from a compromised website leads to financial and personal data theft. Stage2 : E-commerce website owner A compromised website owner can face multiple legal cases in case of data breach because of compliance like GDPR, PCI DSS etc. Stage3 : Software vendor Delivery of vulnerable software can rise trust issues on software vendor.
How to detect malware? • YARA • LMD (Linux Malware detection) • SYNK
Malware scanning stages: Stage1 : Scanning modules before delivering to client Stage2 : Scanning of client server before making any customization Stage3 : Frequently scanning developers system connecting to client server
Reference: YARA : https://github.com/VirusTotal/yara LMD : https://github.com/rfxn/linux-malware-detect SYNK : https://snyk.io/docs/using-snyk/
Thanks!

More Related Content

PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PDF
Supply Chain Attacks
byLionel Faleiro
 
PDF
Supply Chain Attack Backdooring Your Networks
byBangladesh Network Operators Group
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
PPT
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
PPTX
Social engineering
byMaulik Kotak
 
PDF
Introduction to Web Application Penetration Testing
byNetsparker
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
Supply Chain Attacks
byLionel Faleiro
 
Supply Chain Attack Backdooring Your Networks
byBangladesh Network Operators Group
 
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
Social engineering
byMaulik Kotak
 
Introduction to Web Application Penetration Testing
byNetsparker
 

What's hot

PPTX
Security Information and Event Management (SIEM)
byk33a
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PPTX
Cyber Kill Chain.pptx
byVivek Chauhan
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PDF
Cybersecurity Fundamental Course by Haris Chughtai.pdf
byHaris Chughtai
 
PPTX
Cybercrime and Security
byNoushad Hasan
 
PDF
Adversary Emulation and Red Team Exercises - EDUCAUSE
byJorge Orchilles
 
PDF
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
byControlScan, Inc.
 
PPTX
cyber security
byabithajayavel
 
PDF
Advanced persistent threats(APT)
byNetwork Intelligence India
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
PPT
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PPTX
Domain 1 - Security and Risk Management
byMaganathin Veeraragaloo
 
PDF
Cyber attacks
byAnuradha Moti T
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PDF
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
PPTX
Cyber attacks and IT security management in 2025
byRadar Cyber Security
 
PPTX
Ransomware
byAkshita Pillai
 
PPTX
Cybersecurity Awareness Session by Adam
byMohammed Adam
 
Security Information and Event Management (SIEM)
byk33a
 
OWASP Top 10 2021 What's New
byMichael Furman
 
Cyber Kill Chain.pptx
byVivek Chauhan
 
Threat Intelligence
byDeepak Kumar (D3)
 
Cybersecurity Fundamental Course by Haris Chughtai.pdf
byHaris Chughtai
 
Cybercrime and Security
byNoushad Hasan
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
byJorge Orchilles
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
byControlScan, Inc.
 
cyber security
byabithajayavel
 
Advanced persistent threats(APT)
byNetwork Intelligence India
 
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Domain 1 - Security and Risk Management
byMaganathin Veeraragaloo
 
Cyber attacks
byAnuradha Moti T
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
Cyber attacks and IT security management in 2025
byRadar Cyber Security
 
Ransomware
byAkshita Pillai
 
Cybersecurity Awareness Session by Adam
byMohammed Adam
 

Similar to Supply chain-attack

PDF
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
PDF
Ransomware Evolution: Extortion Tactics and Supply Chain Risks.pdf
byCybernetic Global Intelligence
 
PPTX
supply chain management.pptx
byMinnySkyy
 
PDF
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
byMobibiz India
 
PPTX
SANS CTI Summit 2016 Borderless Threat Intelligence
byJason Trost
 
PDF
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
byBlueHat Security Conference
 
PDF
Software Supply Chain Attacks (June 2021)
byTzahiArabov
 
PDF
Understanding about Cybersecurity Threats
byCloudavize
 
PDF
BackStabber Special: Supply chain attacks
byKnoldus Inc.
 
PPTX
Securing-the-Chain-Cryptographys-Role-Against-Supply-Chain-Attacks.pptx
bythehenrywilliams03
 
PDF
Addressing Risks Associated with Extended Software Supply Chain - ITSecurityW...
byEnterprise Insider
 
PDF
Navigating the Digital Threatscape. Understanding and Preventing Supply Chain...
byUtah Tech Labs
 
PDF
100 Cyber Attack Vectors Every Business Must Know
byCyberUpgrade
 
PPTX
The-Evolving-Cybersecurity-Landscape.pptx
byVLink Inc
 
PDF
Scared About Supply Chain Cybersecurity? 5 Reasons You Aren't Scared Enough
byXeneta
 
PDF
Malware
bySetiya Nugroho
 
PPTX
The Top Cybersecurity Threats Frightening Small Businesses Today
byPC Doctors NET
 
PDF
The CISO Problems Risk Compliance Management in a Software Development 030420...
bylior mazor
 
PDF
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
bylior mazor
 
PDF
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
bySouth Tyrol Free Software Conference
 
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
Ransomware Evolution: Extortion Tactics and Supply Chain Risks.pdf
byCybernetic Global Intelligence
 
supply chain management.pptx
byMinnySkyy
 
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
byMobibiz India
 
SANS CTI Summit 2016 Borderless Threat Intelligence
byJason Trost
 
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
byBlueHat Security Conference
 
Software Supply Chain Attacks (June 2021)
byTzahiArabov
 
Understanding about Cybersecurity Threats
byCloudavize
 
BackStabber Special: Supply chain attacks
byKnoldus Inc.
 
Securing-the-Chain-Cryptographys-Role-Against-Supply-Chain-Attacks.pptx
bythehenrywilliams03
 
Addressing Risks Associated with Extended Software Supply Chain - ITSecurityW...
byEnterprise Insider
 
Navigating the Digital Threatscape. Understanding and Preventing Supply Chain...
byUtah Tech Labs
 
100 Cyber Attack Vectors Every Business Must Know
byCyberUpgrade
 
The-Evolving-Cybersecurity-Landscape.pptx
byVLink Inc
 
Scared About Supply Chain Cybersecurity? 5 Reasons You Aren't Scared Enough
byXeneta
 
Malware
bySetiya Nugroho
 
The Top Cybersecurity Threats Frightening Small Businesses Today
byPC Doctors NET
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
bylior mazor
 
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
bylior mazor
 
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
bySouth Tyrol Free Software Conference
 

Recently uploaded

PPTX
PREVENTIVE PEDIATRICS.pptx
byBANDITA PATRA
 
PPTX
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
PPTX
MENTAL STATUS EXAMINATION Part-1.Shilpa hotakar.pptx
bySHILPA HOTAKAR
 
PPTX
That long silence - Novel by Shashi Deshapande
bysanjanavaghela65
 
PPTX
Exploring Higher education and its pathways
byEVAMAEBONGHANOY5
 
PPTX
Grade 9 and 10 learner Fuse and Switch.pptx
byCarlJohnCabayao
 
PPTX
West Hatch High School -- GCSE Geography
byWestHatch
 
PPTX
28 January 2026 Rebecca Frankum Are high-stakes exams and assessments still r...
byEduSkills OECD
 
PPTX
Master of Punjabi Short Story "kartar singh duggal
bybhautikbharwad4
 
PPTX
Unit 3- Culture.pptx....................
byAkanksha Kotangale
 
PPTX
West Hatch High School - GCSE Media Studies
byWestHatch
 
PPT
West Hatch High School - GCSE History Option
byWestHatch
 
PPTX
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
PDF
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
PDF
Darwinism: Theory of Natural Selection and Origin of Species
byIPGDCWA,NAMPALLY
 
PDF
U.S. Departments of Education and Treasury fact sheet
byMebane Rash
 
PDF
Beak Modifications by Dr. Ramzan Virani pptx.pdf
byDr. Ramzan Virani
 
PPTX
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
PPTX
Day 2 ppt english.powerpoint presentation ppt
byJeahMaeMedez
 
PDF
Bishan_Singh_Presentation - Toba tek Singh
bygopalsinhchauhan9313
 
PREVENTIVE PEDIATRICS.pptx
byBANDITA PATRA
 
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
MENTAL STATUS EXAMINATION Part-1.Shilpa hotakar.pptx
bySHILPA HOTAKAR
 
That long silence - Novel by Shashi Deshapande
bysanjanavaghela65
 
Exploring Higher education and its pathways
byEVAMAEBONGHANOY5
 
Grade 9 and 10 learner Fuse and Switch.pptx
byCarlJohnCabayao
 
West Hatch High School -- GCSE Geography
byWestHatch
 
28 January 2026 Rebecca Frankum Are high-stakes exams and assessments still r...
byEduSkills OECD
 
Master of Punjabi Short Story "kartar singh duggal
bybhautikbharwad4
 
Unit 3- Culture.pptx....................
byAkanksha Kotangale
 
West Hatch High School - GCSE Media Studies
byWestHatch
 
West Hatch High School - GCSE History Option
byWestHatch
 
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
Darwinism: Theory of Natural Selection and Origin of Species
byIPGDCWA,NAMPALLY
 
U.S. Departments of Education and Treasury fact sheet
byMebane Rash
 
Beak Modifications by Dr. Ramzan Virani pptx.pdf
byDr. Ramzan Virani
 
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
Day 2 ppt english.powerpoint presentation ppt
byJeahMaeMedez
 
Bishan_Singh_Presentation - Toba tek Singh
bygopalsinhchauhan9313
 

Supply chain-attack

  • 1.
    Supply chain Attack By- Vikram Vashisth
  • 2.
    Topics To be discussed ●About ● Detecting threat ● Remediation ● Conclusions
  • 3.
    Supply chain attack: Supplychain attack are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
  • 4.
  • 5.
    Use case1 : •Delivery of modules containing malware, activate on client server source : 1) Using third party malicious modules/libraries without verification of code 2) Developer's Git account compromise leads to malware injection in the repositiory which are delivered as a product to client's website and impact end users.
  • 6.
    Use case2 : •Delivery of vulnerable modules, exploited on client server source : Not following secure development practices In this case the vulnerability generated because of not following security best practices in software development, which can be exploited on websites using vulnerable modules and directly impact end users of websites.
  • 7.
    Impact: Stage1 : E-commercewebsite customer Purchasing items from a compromised website leads to financial and personal data theft. Stage2 : E-commerce website owner A compromised website owner can face multiple legal cases in case of data breach because of compliance like GDPR, PCI DSS etc. Stage3 : Software vendor Delivery of vulnerable software can rise trust issues on software vendor.
  • 8.
    How to detect malware? •YARA • LMD (Linux Malware detection) • SYNK
  • 9.
    Malware scanning stages: Stage1: Scanning modules before delivering to client Stage2 : Scanning of client server before making any customization Stage3 : Frequently scanning developers system connecting to client server
  • 10.
    Reference: YARA : https://github.com/VirusTotal/yara LMD: https://github.com/rfxn/linux-malware-detect SYNK : https://snyk.io/docs/using-snyk/
  • 11.