Visible to the public Biblio

Filters: Keyword is Cyber Attacks  [Clear All Filters]
2021-10-27
Peter Champion, Rachel Bruenjes, Michael Cohen, Jade Freeman, Ryne Graf, Moh Kilani, Caroline O'Leary, Christopher Pashley, John Ryan, Genevieve Shannon et al..  2018.  Cyber Resilience and Response. :1-45.

Another risk posed by the limited number of available vendors is the threat of supply chain attacks. According to researchers at CrowdStrike on June 27, 2017 the destructive malware known as NotPetya was deployed using a legitimate software package employed by organizations operating in Ukraine. The attack used an update mechanism built into the software to provide updates and distribute them to the vendor’s customers. This same mechanism had been used a month earlier to deploy other ransomware attacks. Supply chain attacks exploit a trust relationship between software or hardware vendors and their customers. These attacks can be widespread targeting the entire trusted vendor’s customer base and are growing in frequency as well as sophistication.

2021-10-26
[Anonymous].  2021.  Disrupting Exploitable Patterns in Software to Make Systems Safer.

The Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program seeks to give developers a way to understand emergent behaviors and thereby create opportunity to choose abstractions and implementations that limit an attacker’s ability to reuse them for malicious purposes, thus stopping the unintentional creation of weird machines. HARDEN will explore novel theories and approaches and develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle (SDLC).