Overview
In a supply chain attack, rather than attacking a target directly, attackers compromise a third-party vendor, software library, or service provider that the target trusts, and reach the target through that trusted relationship (for example, through a signed software update or a dependency pulled in at build time).
Notable Examples
- SolarWinds: In 2020, attackers inserted a backdoor (SUNBURST) into the build of SolarWinds' Orion platform, so the malicious code shipped to thousands of customers inside legitimately signed software updates.
- Log4j: Log4Shell (CVE-2021-44228), a remote code execution vulnerability in the widely used Log4j logging library, affected millions of systems because the library was embedded, often transitively, in countless products. Strictly it is a vulnerable dependency rather than a deliberate compromise, but it illustrates the same supply chain risk: many affected organizations did not know they were running Log4j at all.
Prevention
- Software Bill of Materials (SBOM): Maintaining a machine-readable inventory (e.g. CycloneDX or SPDX) of every software component, including transitive dependencies and their exact versions, so that a new advisory can be matched against what is actually deployed.
- Regularly auditing third-party dependencies against vulnerability advisories, pinning versions, and verifying the integrity (checksums, signatures) of what the build pulls in.
- Applying Zero Trust principles to vendor and service access, so that a compromised supplier's software or account is not implicitly trusted once it is inside the network.
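The SBOM and dependency-audit points above only pay off when the inventory is actually checked against advisories. The following is an added example, not code from the original page: it parses a constructed CycloneDX-style SBOM fragment and flags any component whose version falls inside an advisory's affected range. The SBOM contents are made up for illustration; the single advisory entry uses the real affected range published for CVE-2021-44228 (log4j-core 2.0-beta9 up to and including 2.14.1, fixed in 2.15.0). The advisory record format and the `purl_prefix` field are this example's own convention, not a standard feed format.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment (not a real project's SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
     "version": "2.13.0", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"}
  ]
}
"""

# Advisory list in this example's own (assumed) record format. The range below is
# the real one for CVE-2021-44228: introduced in 2.0-beta9, fixed in 2.15.0.
# Later Log4j CVEs raised the recommended floor further; consult the vendor advisory.
ADVISORIES = [
    {"id": "CVE-2021-44228",
     "purl_prefix": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
]


def parse_version(v):
    """Split '2.0-beta9' into ((2, 0, 0), (0, 'beta9')).

    Numeric parts are padded to three components so 2.0 == 2.0.0. A pre-release
    tag sorts before the final release of the same numbers: (0, tag) < (1, '').
    Tags are compared as plain strings, which is enough for this example.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(?:[-.]?([A-Za-z]+\d*))?$", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    while len(nums) < 3:
        nums.append(0)
    pre = m.group(2)
    return tuple(nums), ((0, pre.lower()) if pre else (1, ""))


def version_key(v):
    """Sort key usable with < and <=: numeric tuple followed by the pre-release marker."""
    nums, pre = parse_version(v)
    return nums + (pre,)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed."""
    k = version_key(version)
    return version_key(introduced) <= k < version_key(fixed)


def scan_sbom(sbom_text, advisories):
    """Return [(purl, advisory_id)] for every component inside an affected range."""
    sbom = json.loads(sbom_text)
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl", "")
        version = comp.get("version")
        if not purl or not version:
            continue  # cannot match without a package URL and a version
        base = purl.split("@", 1)[0]  # strip the version suffix from the purl
        for adv in advisories:
            if base == adv["purl_prefix"] and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append((purl, adv["id"]))
    return findings


if __name__ == "__main__":
    for purl, adv_id in scan_sbom(SBOM_JSON, ADVISORIES):
        print(f"AFFECTED {purl} -> {adv_id}")
```

Run against the embedded SBOM, the scan reports the log4j-core 2.14.1 entry and stays silent on 2.17.1 and on jackson-databind. In practice the SBOM is generated from the build (including transitive dependencies) and the advisory list comes from a feed such as OSV or the NVD; the matching logic stays the same.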