Supply Chain Attack
Definition
A supply chain attack is a cyberattack in which the attacker targets a supplier or software vendor rather than the target organization itself. By compromising the supply chain, attackers can reach multiple targets simultaneously.
The SolarWinds attack (2020) was a notorious supply chain attack: attackers compromised the update server and infected thousands of customers, including US government agencies.
Supply chain attacks are difficult to prevent because organizations often trust their suppliers. Vendor security assessments are essential for protection.