Perspective: State of the Marketplace
Dropbox has uncovered a staggering 264 vulnerabilities that were discovered during a bug-hunting event. Fortunately this event was sponsored by them specifically for the purpose of finding and remediating security vulnerabilities. The number of vulnerabilities should make anyone in charge of a vendor-management program pay attention – what other web services are being used by your company, and how secure are they really?
In a related story, half of cyber-attacks involve the supply chain. This kind of supply chain attack can happen in several different ways. Most common is a network-based attack which sometimes occurs via a compromised managed security services provider (MSSP). However, watering hole attacks on partner sites are also popular. A relatively new tactic highlighted by Carbon Black is the “reverse BEC” in which attackers compromise the mail server of an organization and use this to spread fileless malware attacks to trusted partners.