Upstream Attacks

What are upstream attacks?

Upstream attacks seek to infiltrate upstream software providers in the supply chain – often “obscure but essential” software with admin and network access to install backdoors. Depending on how widely used the targeted software is, an upstream attack can cascade to thousands of systems and enterprises. Upstream attacks pose a particular challenge to organizations that aren’t going to build their own software and don’t have effective measures in place to manage counterparty risk.