Mar 22, 2018

Hackers hit software supply chains more in 2017 than prior two years combined

A computer user points at the word "Bitcoin" in ransom message associated with the NotPetya malware. Photo: Donat Sorokin\TASS via Getty Images.

Hackers dramatically increased the number and scope of attacks on software manufacturers as a way to attack user machines in 2017, according to a new report by Symantec. "When you look at the numbers, it's no longer one off attacks," Kevin Haley, director of Symantec Security Response, told Axios.

Why it matters: The NotPetya malware was devastating internationally, costing the shipping giant Maersk alone $300 million. It spread so quickly because it was attached to an update for widely used Ukrainian accounting software. This type of attack, where malware is placed in software before it is downloaded from the manufacturer, is known as a supply chain attack and is particularly tough for users to defend against.

By the numbers: According to Symantec's new Internet Security Threat Report, there was an average of three reported supply chain attacks per year from 2013 through 2015. There were 10 in 2017, up from three in 2015 and four in 2016.

Larger in scope: While past supply chain attacks focused on niche software, like the software used in industrial machinery, 2017 saw two gigantic attacks. NotPetya was one, while a second targeted the popular CCleaner file cleaning software.

A siege of nations: Supply chain attacks are difficult to pull off and frequently the domain of nations and other highly-adept groups. "It certainly takes a level of sophistication - not common cyber criminals," said Haley. The White House believes NotPetya was launched by the Russian Government, while many researchers believe CCleaner was a product of China.
