Why supply-chain attacks are destined to escalate


  • Written by Kelly Jackson Higgins / Dark Reading
  • 6th August 2021

BLACK HAT USA 2021 – Las Vegas – The epic software supply chain attacks over the past year, including the high-profile breaches of SolarWinds, Microsoft Exchange Server, Kaseya, and Codecov, were only the beginning.

“Supply chain attacks are only just starting, and mostly with pretty small vendors that most people had not heard of beforehand,” said Corellium COO Matt Tait, in a live conversation via video with Black Hat founder Jeff Moss. But what happens when these attacks get bigger and affect larger vendors and more of their customers?

Tait – who also delivered the prerecorded keynote, which was streamed on multiple large screens in a ballroom at the Mandalay Bay Conference Center in Las Vegas yesterday – said in the live portion of the event that the relative impact of these high-profile attacks could have been much worse given they were mostly targeted. He warned there will be more and they could well wreak more extensive and widespread damage to more organizations if the attackers hit larger targets with massive customer bases, such as the recent theft of source code from gaming giant EA Games.

“It’s likely to start to escalate in the coming months and years,” he said. “And when something really big happens … everything else will look like complete peanuts” in comparison, he said. When a nation-state or cybercrime organization makes that leap and infiltrates more victims, it will no longer be a “sustainable” situation.

In his keynote, Tait, former information security specialist for the UK’s GCHQ and more recently a member of Google’s Project Zero team, outlined what he considers the three main factors that drove high-profile cyberattacks on Colonial Pipeline, Kaseya, Exchange Server, SolarWinds, and Codecov, as well as North Korea’s targeting of security researchers and the NSO Pegasus Project iOS hacks.

While these attacks each were obviously different, they have a few common themes, he said. “The intrusions caused really big physical, real-world challenges,” such as the temporary interruption in gasoline distribution after Colonial Pipeline’s ransomware attack. And many were driven by a supply chain compromise.

“Several were about stolen zero-days,” as well, he said, pointing to the leaked Exchange flaw and North Korean nation-state hackers targeting security researchers to pilfer their findings. “Some of these working exploits got into the hands of offensive hackers who used these in massive attacks.”

Another factor, he said: a major increase in the number of zero-day exploits over the past year or so, especially on mobile devices. “The number of zero days being exploited in the wild is completely off the charts,” Tait said.

To read the complete article, visit Dark Reading.

 
