In mid-2017, Russian state-sponsored attackers installed a malicious worm in a Ukrainian financial software package. When businesses updated their software, it became infected. The worm, NotPetya, spread quickly, doing billions of dollars of damage around the world. The White House called it “the most destructive and costly cyberattack in history.”
Three years later, Russia-linked attackers hijacked the software upgrade process of another piece of enterprise software, SolarWinds’ Orion network monitoring toolset. Again, the impact was widespread.
“Having access to the software development pipelines gives them a chance to reach networking infrastructure and get access to intellectual property,” says Viktor Gazdag, senior security consultant at NCC Group, a global cybersecurity advisory firm.
