Ransomware Attacks in the Software Supply Chain: A Review of Attack Vectors, Defenses and Gaps

Abstract

The proliferation of cyberattacks in the software supply chain domain is a pressing concern making them a formidable threat to software security and compromising its integrity and credibility which needs to be critically acknowledged and investigated. The lack of familiarity with the design and pattern of emerging attacks has contributed to the occurrence of several vulnerable software supply chain attacks in the preceding years. This project aims to conduct a comprehensive study of the various tactics and techniques employed by cybercriminals in this domain along with a focus on exploring the influence of software supply chain stakeholders’ traits, limitations, and actions on the likelihood of a successful attack. Furthermore, this research also identifies the regulatory tools and protocols administrating software supply chains that assist in reducing an organization’s susceptibility to these challenges. Using a rigorous methodology, we investigate the frequency, how, and where ransomware attacks occur. We review current defense techniques and gaps. The findings will provide valuable insights concerning the recent trends in disrupting the security and efficiency of the software supply chains and offer recommendations to researchers, organizations, and practitioners to remain cautious and proactive in their cybersecurity posture

    Similar works