Ransomware Attacks in the Software Supply Chain: A Review of Attack Vectors, Defenses and Gaps
The proliferation of cyberattacks in the software supply chain domain is a pressing concern, making them a formidable threat to software security and compromising its integrity and credibility, which needs to be critically acknowledged and investigated. The lack of familiarity with the design and pattern of emerging attacks has contributed to the occurrence of several vulnerable software supply chain attacks in the preceding years. This project aims to conduct a comprehensive study of the various tactics and techniques employed by cybercriminals in this domain along with a focus on exploring the influence of software supply chain stakeholders’ traits, limitations, and actions on the likelihood of a successful attack. Furthermore, this research also identifies the regulatory tools and protocols administrating software supply chains that assist in reducing an organization’s susceptibility to these challenges. Using a rigorous methodology, we investigate the frequency, how, and where ransomware attacks occur. We review current defense techniques and gaps. The findings will provide valuable insights concerning the recent trends in disrupting the security and efficiency of the software supply chains and offer recommendations to researchers, organizations, and practitioners to remain cautious and proactive in their cybersecurity posture.
Software Supply Chain Security Attacks and Analysis of Defense
The Software Supply Chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software Supply Chain security tools and their infrastructure along with ways to help mitigate and reduce the risk of an attack. As well as following the route an Attacker takes, and the steps taken to cause such an attack. Ransomware is one of the more popular attacks in recent years in which the attacker gains access to the system and blocks its usage from anyone else until a ransom is paid. This ransom is often delivered in cryptocurrency to ensure anonymity from the attacker. Our goal is to extend the research to where Software Supply Chain attacks can be reduced for companies and develop solutions for vulnerable systems.