
From XZ to CrowdStrike: Impact and future implications of supply chain attacks

Messenger Business

Published: 18:37, 21 August 2024


Globalisation and digitalisation have made the world economy heavily reliant on technology, creating a complex supply mesh. This interconnected network enables international trade, travel, and commerce, but also presents opportunities for supply chain attacks. By compromising a manufacturer’s infrastructure, threat actors can inject malware into legitimate software updates, turning them into powerful attack vectors.

One of the most significant incidents occurred on July 19, 2024, when a content configuration update from CrowdStrike, a leading cybersecurity firm, caused a massive disruption. “The configuration update for CrowdStrike should have been a routine, a regular update to the protection mechanisms of their Falcon platform, gaining telemetry and detecting possible novel threat techniques for the Windows platform. Unfortunately, this update resulted in a never-ending reboot spiral for over 8.5 million Windows machines across the world,” said Vitaly Kamluk, a cybersecurity expert with the Global Research & Analysis Team (GReAT) at Kaspersky. Critical infrastructure, including hospitals, banks, and government agencies, was paralyzed, underscoring the catastrophic potential of supply chain vulnerabilities.

Earlier in 2024, another supply chain attack targeted the Linux XZ Utils project, compromising OpenSSH through sophisticated backdoor techniques. This attack, which could have led to even greater damage than the CrowdStrike incident, highlighted the ongoing risks in open-source software.

As AI becomes more integrated into society, it too faces supply chain threats. “Potential avenues of a supply chain attack on AI would be to manipulate the training data and introduce biases and vulnerabilities into the model or modify the AI models with altered versions so that it would produce incorrect outputs,” says Vitaly. Such attacks could degrade AI systems over time, posing long-term risks to critical infrastructure.

To mitigate these threats, organisations must adopt rigorous cybersecurity practices. “In addition to best cybersecurity practices, organisations need to conduct mitigation strategies to manage or minimise the potential impact of a supply chain attack in their infrastructure,” says Vitaly. This includes thorough testing, continuous monitoring, and regular security audits.

Messenger/Anjan
