SANS 2022 Report: Detecting and Preventing Software Dependency Attacks



Software supply chain attacks have become a go-to technique for threat actors. Today, most software supply chain attacks target dependencies, where threat actors get a higher return on investment. After all, why compromise one piece of software when you can compromise every piece of software that uses a given library? Software dependency attacks have been used to deploy Cobalt Strike, to steal API keys to compromise assets deployed in AWS, and to steal user credentials. After the Russian invasion of Ukraine, the situation worsened. We always knew destructive attacks were possible, but the maintainer of the popular npm package node-ipc pushed an update that deleted files on any system with a Russian IP address. Yikes!

In this webcast, we’ll highlight the scope of the problem of dependency attacks. You’ll learn why, even if your organization doesn’t develop software, you still need to be aware of these attacks and how they work. We’ll offer actionable recommendations for what organizations can do to prevent these attacks from occurring. Additionally, we’ll offer strategies for detecting them when they do occur. The Rubicon has been crossed: destructive attacks through dependencies are no longer hypothetical; they are reality. Your organization must either be ready or be a victim.

Register now and receive the associated whitepaper written by SANS senior instructor Jake Williams.

Speaker and Presenter Information

 Jake Williams

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Virtual


When
Thu, Sep 1, 2022, 1:00pm ET


Organizer
SANS Institute

