deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated supply-chain-malware.md

Browse Source
This commit is contained in:
Eric Avena
2018-10-16 20:36:32 +00:00
parent 1f310dfaad
commit 8a0acedcd9
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/intelligence/supply-chain-malware.md
View File

@ -17,6 +17,8 @@ Supply chain attacks are an emerging kind of threat that target software develop
## How supply chain attacks work
[!video https://www.youtube.com/embed/uXm2XNSavwo]
Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.
Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when theyre released to the public. The malicious code then runs with the same trust and permissions as the app.