Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks

Presented at ShellCon 2021 Virtual, Oct. 9, 2021, 3 p.m. (55 minutes).

As Marc Andreessen so aptly noted, "Software is eating the world". Our technology-driven world increasingly relies on third-party code, open source libraries and shared repositories. We don't fully appreciate just how interconnected we are, and how that translates into software code dependencies. It took an event like the SolarWinds Orion attack to rattle the bars on that cage and wake us up to what's been going on for some time. The reality is that software supply chain attacks aren't new. They've been around for many years, and we've been watching that check engine light but not really addressing the issues. Recent attacks show how easy it is to create confusion and send malicious code undetected through automated channels to trusting recipients. SolarWinds delivered a hard truth to defenders: everyone is vulnerable when trust can be abused. Where is the weakest link in your software supply chains of trust?


Presenters:

  • Cheryl Biswas / 3ncr1pt3d as Cheryl Biswas
    Cheryl Biswas is a Strategic Threat Intel Specialist with TD Bank in Toronto, Canada, with experience in security audits and assessments, privacy, DRP, project management, vendor management and change management. She volunteers, mentors, gives talks, and champions women and diversity in Cyber Security with "The Diana Initiative".
