windows-itpro-docs/windows/security/intelligence/supply-chain-malware.md
Beth Levin a3587c3d8a Updates
2018-08-14 13:29:27 -07:00

---
title: Supply chain attacks
description: Learn how supply chain attacks work and deliver malware to your devices, and what you can do to protect yourself
keywords: security, malware
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
ms.localizationpriority: medium
ms.author: ellevin
author: levinec
ms.date: 08/01/2018
---
# Supply chain attacks
Supply chain attacks are an emerging kind of threat that targets software developers and suppliers. The goal is to access source code, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
## How supply chain attacks work
Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source code, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they're released to the public. The malicious code then runs with the same trust and permissions as the app.

The number of potential victims is significant, given the popularity of some apps. In one case, a free file compression app was poisoned and deployed to customers in a country where it was the top utility app.
### Types of supply chain attacks
* Compromised software building tools or update infrastructure
* Stolen code-signing certificates, or malicious apps signed using the identity of the developer company
* Compromised specialized code shipped into hardware or firmware components
* Pre-installed malware on devices (cameras, USB, phones, etc.)

To learn more about supply chain attacks, read this blog post called [attack inception: compromised supply chain within a supply chain poses new risks](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/).
## How to protect against supply chain attacks
* Deploy strong code integrity policies to allow only authorized apps to run.
* Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.
### For software vendors and developers
* Take steps to ensure your apps are not compromised.
* Maintain a secure and up-to-date infrastructure. Restrict access to critical build systems.
* Immediately apply security patches for OS and software.
* Require multi-factor authentication for admins.
* Build secure software update processes as part of the software development lifecycle.
* Develop an incident response process for supply chain attacks.
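
One check a secure update process can run on the client before installing a package, shown as an added example that is not part of the original article or Microsoft's own code. The function name `Test-UpdatePackage` and its parameters are hypothetical, and the expected hash and signer thumbprint are assumed to be published by the vendor out of band.

```powershell
# Added example: accept an update only if its hash AND its signer are pinned.
# Test-UpdatePackage, $ExpectedSha256 and $AllowedThumbprints are hypothetical
# names; the expected values are assumed to come from a vendor release manifest.
function Test-UpdatePackage {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $ExpectedSha256,
        [Parameter(Mandatory)] [string[]] $AllowedThumbprints
    )
    $reasons = @()

    # 1. Hash pinning: catches a package swapped on the update server, even
    #    when the replacement carries a valid signature.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {        # string -ne is case-insensitive
        $reasons += "SHA-256 mismatch: got $actual"
    }

    # 2. Authenticode: the signature must be intact and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $reasons += "Signature status is $($sig.Status)"
    }

    # 3. Signer pinning: "signed by a trusted publisher" is not enough; the
    #    certificate must be one the vendor has announced.
    $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    if (-not $thumb -or $AllowedThumbprints -notcontains $thumb) {
        $reasons += "Signer thumbprint not in allow-list: $thumb"
    }

    [pscustomobject]@{
        Path    = $Path
        Trusted = ($reasons.Count -eq 0)
        Reasons = $reasons
    }
}

# Constructed sample call: notepad.exe stands in for a downloaded package, and
# the hash and thumbprint are placeholders, so the result shows a rejection.
Test-UpdatePackage -Path "$env:SystemRoot\System32\notepad.exe" `
    -ExpectedSha256 '<SHA256-FROM-RELEASE-MANIFEST>' `
    -AllowedThumbprints @('<VENDOR-CERT-THUMBPRINT>') | Format-List
```

This check covers tampering between the vendor and the device. It does not detect malicious code that entered the build before the vendor signed it, which is why the build-system controls in the list above still matter.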

For more general tips on protecting your systems and devices, see [prevent malware infection](prevent-malware-infection.md).