Software supply chain attacks are not new, but as weve seen recently, if executed successfully they can have huge payoffs for sophisticated attackers. Detecting malicious code inserted into a trusted vendors security updates is extremely difficult to do at scale. Most organizations still struggle for months to detect malicious actors within their network who managed to gain a foothold from much more common attack vectors, such as compromising vulnerable systems exposed to the internet or spear phishing. The best blue teams are empowered to understand how advanced attacks work step-by-step, including gaining awareness in the gaps of their security stack.”]
Source: https://securityintelligence.com/posts/effective-approach-to-software-supply-chain-cyberattacks/