The breach disclosed by SolarWinds and another involving a legacy file transfer appliance from Accellion have focused fresh attention on the risks that enterprise organizations face from attacks via the software supply chain and other trusted third parties.
Both attacks impacted numerous organizations, targeting them for further exploit activity designed to steal data and establish a persistent presence on their networks.
Security experts expect such attacks will become more common as adversaries try to exploit vulnerabilities and weaknesses in widely deployed third-party products and services to target large swathes of their customers. Many concede that detecting attacks that exploit trusted third parties and supply chain partners will be hard -- but the ability to do so will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.
Here, according to several security experts, are measures organizations can implement to limit damage from attacks involving supply chain partners and other trusted third parties.