Supply chain attacks usually start by breaching a trusted third-party vendor or service provider and inserting malicious code or components into software or updates that are then distributed to downstream customers. Because the update appears to originate from a legitimate, trusted source, traditional perimeter and host defenses inside the customer's environment often fail to detect the compromise. Attacks that target only an organization's internally developed code, physical theft of hardware, or direct DDoS assaults do not fit the definition of a supply chain attack.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a software supply chain attack?
Open an interactive chat with Bash
How do software supply chain attacks bypass traditional defenses?
Open an interactive chat with Bash
What is the role of third-party vendors in supply chain attacks?