
UK Government to Step Up Supply Chain Security following US Presidential Executive Order on Cybersecurity

Threat actors are increasingly targeting mission-critical organizations in both ransomware attacks and novel supply-chain attacks, whether by exploiting known vulnerabilities or by taking advantage of other weaknesses in the ecosystem. The UK government is following the lead of the US Presidential Executive Order on cybersecurity and stepping up its involvement to safeguard the digital economy.

Evolving cyber threats across the technology landscape

Security issues driving the new policies across the US and UK:

  • Last year’s SolarWinds supply-chain attack allowed threat actors to push a trojanized Orion update downstream to over 18,000 company customers, where they targeted high-profile government and private organizations for further attacks.
  • The recent ransomware cyber attack on the Colonial Pipeline left 17 U.S. states and the District of Columbia (DC) with fuel shortages, leading to a national emergency.
  • Abuse of massively popular software ecosystems like GitHub, where open-source projects are manufactured and distributed, for mining cryptocurrency and distributing malware.
  • Targeting of essential organizations: Ireland’s Health Services (HSE) and the Irish Department of Health were slapped with a $20 million ransom demand this week. HSE had to shut down all of its IT systems, causing disruptions for patients.
  • The Codecov supply-chain attack:
      • Reportedly impacted hundreds of client networks that were breached by Codecov attackers. In an IPO-related filing this week with the SEC, Monday.com disclosed that Codecov attackers had gained access to some of its source code.
      • Last week, US cybersecurity firm Rapid7 had also revealed that some of their source code repositories and credentials were accessed by Codecov attackers.

In light of these ongoing successful exploits in the wild by threat actors who now attack critical assets, governments around the world are stepping up their involvement when it comes to ensuring the security of digital supply chains.


*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/uk-government-to-step-up-supply-chain-security-following-us-presidential-executive-order-on-cybersecurity
