The European Union Cybersecurity Agency (ENISA) warns of increasing supply chain attacks in 2021 as advanced persistent threat actors (APTs) employ more sophisticated techniques exceeding targeted attacks.
ENISA is the body responsible for EU-level coordinated actions on cybersecurity and emerging technologies like artificial intelligence and 5G.
The agency studied 24 supply chain attacks from January 2020 to July 2021 and found that strong security protection is no longer effective in defending against these forms of cyber-attacks.
The report, Threat Landscape for Supply Chain Attacks, concluded that organizations must employ new protection methods to defend against supply chain cyber threats.
The European agency found that half of the supply chain attacks experienced during the past 18 months originated from well-known advanced persistent threat actors, including APT29, APT41, Thallium, UNC2546, Lazarus, TA413, and TA428.
In almost two out of three (62%) recorded supply chain attacks, threat actors exploited supplier trust to infiltrate their victims.