Sponsored By

Black Hat USA: Worst Supply Chain Attacks Are Yet to ComeBlack Hat USA: Worst Supply Chain Attacks Are Yet to Come

Due to COVID-19, the hybrid event is both virtual and in person.

Edward Gately

August 5, 2021

7 Slides
technology supply chain

BLACK HAT USA — It’s early days in terms of supply chain cyberattacks, according to the opening keynote speaker at Black Hat USA 2021. Furthermore, the size and scope of what’s to come will make what’s happened so far look like “peanuts.”

Matt Tait, chief operating officer at Corellium, was the opening keynote at Black Hat USA 2021. Due to the pandemic, the event is hybrid with attendees participating both in person and virtually. The in-person event also is much smaller, drawing fewer than 5,000 attendees as opposed to nearly 20,000 in past years.

Tait talked about the state of supply chain risks, what happens when they go wrong, and what steps the industry can take to mitigate some of them.

In supply chain attacks, bad actors target a system upstream instead of what they want, he said. They’re more interested in a company’s customers. That’s why malicious hackers target general purpose software providers like Kaseya.

“Supply chain intrusions are unusually enormous,” Tait said. “SolarWinds was enormous, but was it as enormous as could have been? SolarWinds has 300,000 customers [and]18,000 infected.”

SolarWinds has clarified that actually fewer than 100 of its customers were hacked.

Kaseya was a “huge attack, but weirdly small” when you think about how big Kaseya is, he said. Just .1% of Kaseya’s customers ended up getting this ransomware.

Supply chain intrusions are not like other intrusions, Tait said. They’re different and work in different ways. And they’re “huge” by default and the scale “dwarfs” other attacks.

“So how do we fix it?” he asked. “It’s not going to be fixed by the U.S. government, federal agencies, or a consortium of governments. The only way to tackle this at scale is to fix the underlying technology. Platform vendors need to step in.”

Channel Futures is in attendance at Black Hat this week. Scroll through our slideshow above for more from Tait and other highlights from the event. (Black Hat USA is presented by Informa, the parent company of Channel Futures.)

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsVARs/SIsChannel Research

About the Author(s)

Edward Gately

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

See more from Edward Gately
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
The strength of the channel is undeniable as we saw at our record-breaking Channel Partners Conference & Expo in Las Vegas. As the landscape of the channel continues to evolve with M&A, emerging partner models and the race for recurring revenue, IT and communications vendors are doubling down on their partner programs as they seek new avenues for growth. As a result, channel leaders have to be more agile than ever to stay ahead of the curve. At Channel Futures Leadership Summit, current and future leaders will come together in sunny Miami to connect, learn from one another, collaborate and hone their leadership skills. Get notified when registration opens for 2024.
Get Notified