Recorded Tuesday, October 10, 2023

The modern attack surface includes organizational assets spread all over the Internet. But it extends beyond them. The security of an organizational asset depends on its relationships with other assets, many of which are not part of the organization. This session will shed light on digital supply-chain attacks at the infrastructure level: attacks on organizations via external infrastructures to which organizational assets are connected directly and indirectly.

In this presentation, IONIX CTO and cofounder Dr. Nethanel Gelernter will survey four types of digital supply-chain attacks across Web, DNS, Mail, and Cloud infrastructure. Starting with the breach use case that triggered the research on this topic, Dr. Gelernter will explain the concept and complexity of digital supply-chain attacks.

For each type of digital supply chain attack, Dr. Gelernter will analyze the use case, present examples, and provide statistics about exploits that IONIX’s research team has observed in the wild. He will also share strategies and processes to reduce exposure based on work with enterprises, including those already compromised.