{"id":16143,"date":"2022-04-14T07:23:17","date_gmt":"2022-04-14T05:23:17","guid":{"rendered":"https:\/\/www.m-q.ch\/?p=16143"},"modified":"2022-04-28T09:57:44","modified_gmt":"2022-04-28T07:57:44","slug":"supply-chain-attack-when-cyber-attacks-come-via-update","status":"publish","type":"post","link":"https:\/\/www.m-q.ch\/en\/supply-chain-attack-when-cyber-attacks-come-via-update\/","title":{"rendered":"Supply chain attack: When cyber attacks come via update"},"content":{"rendered":"<figure id=\"attachment_16144\" aria-describedby=\"caption-attachment-16144\" style=\"width: 680px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-16144\" src=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\" alt=\"\" width=\"680\" height=\"453\" srcset=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg 680w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ-18x12.jpg 18w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ-263x175.jpg 263w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ-525x350.jpg 525w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ-300x200.jpg 300w\" sizes=\"auto, (max-width: 680px) 100vw, 680px\" \/><figcaption id=\"caption-attachment-16144\" class=\"wp-caption-text\">A supply chain attack is an increasingly common case of cyber attack and can become a threat to small and medium-sized businesses. (Image: Pixabay.com)<\/figcaption><\/figure>\n<p>An attack on the IT supply chain aims to manipulate the production process of a third-party software from development to updating, so that malicious code is pushed out instead of an update. This IT supply chain is vulnerable and cyber criminals are increasingly attacking it. This is because such a supply chain attack is efficient for them: when they attack software packages and platforms of software and information systems providers, they reach multiple victims in one fell swoop. It makes little sense for the hacker to attack one company at a time with a complex attack when there may be tens of thousands of companies and organizations using a widely deployed application or service that is efficiently within their reach. The December 2020 attack on Solarwinds' supply chain affected close to 18,000 of Solarwinds' 300,000 customers worldwide. In addition to a mass attack, however, highly targeted attacks via the supply chain are just as possible.<\/p>\n<h2><strong>Supply chain attack locations<\/strong><\/h2>\n<p>A compromised supply chain is difficult for affected customers to detect. Therefore, cyber criminals have enough time to cause damage - such as data exfiltration, attacks on systems or disrupting processes. These attacks are different from previous attacks targeting individual customers and pose a challenge even for experts. It is not for nothing that the European Union Agency for Cybersecurity estimates, <a href=\"https:\/\/www.enisa.europa.eu\/publications\/threat-landscape-for-supply-chain-attacks\">ENISA<\/a>The risk is high even for companies whose IT defenses are actually quite well established.<\/p>\n<figure id=\"attachment_16145\" aria-describedby=\"caption-attachment-16145\" style=\"width: 680px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-16145\" src=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-2_MQ.jpg\" alt=\"\" width=\"680\" height=\"253\" srcset=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-2_MQ.jpg 680w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-2_MQ-18x7.jpg 18w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-2_MQ-375x140.jpg 375w, https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-2_MQ-300x112.jpg 300w\" sizes=\"auto, (max-width: 680px) 100vw, 680px\" \/><figcaption id=\"caption-attachment-16145\" class=\"wp-caption-text\">Phases of a supply chain attack. (Image source: Bitdefender)<\/figcaption><\/figure>\n<p>An attack can be launched at multiple stages of the supply chain for developing, deploying or updating software. Compromising supplier IT does not constitute a supply chain attack. It involves modifying code sources and writing scripts. Depending on which link in the supply chain the hacker starts at, the skills required of him or the possibilities for the defense to recognize a manipulation are all the more different. The following phases in the supply chain can be distinguished as starting points for an attack:<\/p>\n<ul>\n<li><strong>Phase One - Programming:<\/strong> These attacks are relatively easy to detect. They start via targeted mails, exploits and malicious websites to gain access to the programming code. It is relatively easy for a hacker to change the code at that point. But what they have changed is visible in the logs.<\/li>\n<li><strong>Phase Two - Versioning:<\/strong> Attackers can drive an attack via a remote desktop protocol (RDP) with little effort. Weak passwords and exploits of an application help them to do so. They can also have modified versions rolled out in a reduced or delayed scope, because they have direct access to source code and logs and leave few traces. But the modified code proves the manipulation.<\/li>\n<li><strong>Phase Three - Implementation (Build): <\/strong>This is where it gets more challenging for the hackers, but unfortunately also for the defenses. The means are the old ones and attackers use RDP attacks, weak passwords and exploits in the application. But they need a good understanding of scripts. This is because the necessary modifications to individual builds take a lot of time and are complex. The modified code can be hidden. The defense would also have to check the successive script versions individually to detect manipulations.<\/li>\n<li><strong>Phase Four - Signing the components:<\/strong> If the attacker gets involved now, he does not have to manipulate code. He simply replaces the actual code with malicious code. But a validation in the supply chain concept will reject this fake update. Hackers must therefore meet some minimum criteria for legal updates in their fake programs.<\/li>\n<li><strong>Phase Five - Delivery:<\/strong> Here, too, an attacker only has to exchange the components. But the malicious components then have no signature and can be recognized by it.<\/li>\n<\/ul>\n<h2><strong>How can SMEs protect themselves?<\/strong><\/h2>\n<p>Although the attacks take place in the update supplier's supply chain, the attacks also affect smaller and medium-sized companies. To arm themselves against the damage of a supposedly legal update, they should follow these measures:<\/p>\n<ol>\n<li>A <strong>Implement comprehensive cybersecurity<\/strong>which includes Endpoint Detection and Response (EDR), but which, thanks to Threat Intelligence, also sees and reports suspicious data connections. After all, a common symptom of a successful supply chain attack is communication with a malicious command-and-control server. Companies with limited IT resources in particular should also consider a managed detection and response (MDR) service, and with it the expertise and time of IT security analysts. Only by combining EDR and MDR can managers see anomalies as they occur.<\/li>\n<li>Equally important is <strong>Educating employees about phishing<\/strong>, to prevent the hijacking of an identity in the supply chain process.<\/li>\n<li>It is central to <strong>Know and continuously review a company's supply chain processes<\/strong>. Does an IT manager even know which software or service updates it obtains from whom and when? What hardware does it acquire and how is it protected from receiving malware through this? Every security manager should ask the following questions of his IT supplier:<br \/>\n- Is the vendor's software\/hardware development process documented, traceable, and verifiable?<br \/>\n- Is fixing known vulnerabilities factored into product design and architecture, runtime protection, and code review?<br \/>\n- How does the vendor keep a customer informed of emerging vulnerabilities?<br \/>\n- What options does the vendor have to address \"zero-day\" vulnerabilities - those vulnerabilities that are designed into software from the beginning and are discovered later?<br \/>\n- How does the supplier manage and monitor the production processes of a software and update?<br \/>\n- What does the vendor do to protect its updates from tampering and malware?<br \/>\n- What type of employee background check is conducted at the provider and how frequently?<br \/>\n- How secure is the update rollout?<\/li>\n<\/ol>\n<p>Anyone who receives a software update must be sure that they are not receiving malicious malware: At the end of the day, he has to suffer the consequences of a successful supply chain attack himself. Caution and a well-considered selection of suppliers, combined with comprehensive IT security, are the best helpers against a type of attack whose risk potential is far from exhausted.<\/p>\n<p>\n<strong><em>Author:<\/em><\/strong><br \/>\n<em>J\u00f6rg von der Heydt is Regional Director DACH at Bitdefender.<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>An attack on the IT supply chain aims to manipulate the production process of a third-party software from development to updating, so that malicious code is pushed out instead of an update. This IT supply chain is vulnerable and cyber criminals are increasingly attacking it. That's because such a supply chain attack is efficient for them: if they can manipulate vendors' software packages and platforms [...]<\/p>","protected":false},"author":10,"featured_media":16144,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4],"tags":[3406,3560,3501,3423],"class_list":["post-16143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-risikomanagement","tag-checkliste","tag-cybersicherheit","tag-it","tag-supply-chain-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen - MQ Management und Qualit\u00e4t<\/title>\n<meta name=\"description\" content=\"Angriffe auf die Lieferkette f\u00fcr Software (und f\u00fcr Hardware) \u2013 als Supply-Chain-Attacke \u2013 bedrohen auch kleine und mittlere Unternehmen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.m-q.ch\/en\/supply-chain-attack-when-cyber-attacks-come-via-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen\" \/>\n<meta property=\"og:description\" content=\"Angriffe auf die Lieferkette f\u00fcr Software (und f\u00fcr Hardware) \u2013 als Supply-Chain-Attacke \u2013 bedrohen auch kleine und mittlere Unternehmen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.m-q.ch\/en\/supply-chain-attack-when-cyber-attacks-come-via-update\/\" \/>\n<meta property=\"og:site_name\" content=\"MQ Management und Qualit\u00e4t\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ManagementUndQualitaet\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-14T05:23:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-28T07:57:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Berner\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"#Supply-Chain-Attacke: Wenn #Cyber-Angriffe per #Update kommen\" \/>\n<meta name=\"twitter:description\" content=\"Angriffe auf die #Lieferkette f\u00fcr Software (und f\u00fcr Hardware) \u2013 als #Supply-Chain-Attacke \u2013 bedrohen auch kleine und mittlere Unternehmen.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Berner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/\"},\"author\":{\"name\":\"Thomas Berner\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/a8711938b1cfb3f056dec70eaa0b42ab\"},\"headline\":\"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen\",\"datePublished\":\"2022-04-14T05:23:17+00:00\",\"dateModified\":\"2022-04-28T07:57:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/\"},\"wordCount\":1025,\"publisher\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\",\"keywords\":[\"Checkliste\",\"Cybersicherheit\",\"IT\",\"Supply Chain Management\"],\"articleSection\":[\"Risikomanagement\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/\",\"url\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/\",\"name\":\"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen - MQ Management und Qualit\u00e4t\",\"isPartOf\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\",\"datePublished\":\"2022-04-14T05:23:17+00:00\",\"dateModified\":\"2022-04-28T07:57:44+00:00\",\"description\":\"Angriffe auf die Lieferkette f\u00fcr Software (und f\u00fcr Hardware) \u2013 als Supply-Chain-Attacke \u2013 bedrohen auch kleine und mittlere Unternehmen.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage\",\"url\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\",\"contentUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg\",\"width\":680,\"height\":453,\"caption\":\"Eine Supply-Chain-Attacke ist ein immer h\u00e4ufiger auftretender Fall von Cyber-Angriff und kann f\u00fcr kleine und mittlere Unternehmen zu einer Bedrohung werden. (Bild: Pixabay.com)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Risikomanagement\",\"item\":\"https:\/\/www.m-q.ch\/kategorie\/risikomanagement\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#website\",\"url\":\"https:\/\/www.m-q.ch\/fr\/\",\"name\":\"MQ Management und Qualit\u00e4t\",\"description\":\"Plattform f\u00fcr integrierte Managementsysteme.\",\"publisher\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.m-q.ch\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#organization\",\"name\":\"Galledia Fachmedien AG\",\"url\":\"https:\/\/www.m-q.ch\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png\",\"contentUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png\",\"width\":512,\"height\":512,\"caption\":\"Galledia Fachmedien AG\"},\"image\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ManagementUndQualitaet\",\"https:\/\/www.linkedin.com\/showcase\/17982321\/admin\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/a8711938b1cfb3f056dec70eaa0b42ab\",\"name\":\"Thomas Berner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/faea7857408f70478f976d576da10f96?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/faea7857408f70478f976d576da10f96?s=96&d=mm&r=g\",\"caption\":\"Thomas Berner\"},\"url\":\"https:\/\/www.m-q.ch\/en\/author\/thomas-berner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Supply chain attack: When cyber attacks come via update - MQ Management and Quality","description":"Attacks on the supply chain for software (and for hardware) - as a supply chain attack - also threaten small and medium-sized enterprises.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.m-q.ch\/en\/supply-chain-attack-when-cyber-attacks-come-via-update\/","og_locale":"en_US","og_type":"article","og_title":"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen","og_description":"Angriffe auf die Lieferkette f\u00fcr Software (und f\u00fcr Hardware) \u2013 als Supply-Chain-Attacke \u2013 bedrohen auch kleine und mittlere Unternehmen.","og_url":"https:\/\/www.m-q.ch\/en\/supply-chain-attack-when-cyber-attacks-come-via-update\/","og_site_name":"MQ Management und Qualit\u00e4t","article_publisher":"https:\/\/www.facebook.com\/ManagementUndQualitaet","article_published_time":"2022-04-14T05:23:17+00:00","article_modified_time":"2022-04-28T07:57:44+00:00","og_image":[{"width":680,"height":453,"url":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg","type":"image\/jpeg"}],"author":"Thomas Berner","twitter_card":"summary_large_image","twitter_title":"#Supply-Chain-Attacke: Wenn #Cyber-Angriffe per #Update kommen","twitter_description":"Angriffe auf die #Lieferkette f\u00fcr Software (und f\u00fcr Hardware) \u2013 als #Supply-Chain-Attacke \u2013 bedrohen auch kleine und mittlere Unternehmen.","twitter_image":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg","twitter_misc":{"Written by":"Thomas Berner","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#article","isPartOf":{"@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/"},"author":{"name":"Thomas Berner","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/a8711938b1cfb3f056dec70eaa0b42ab"},"headline":"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen","datePublished":"2022-04-14T05:23:17+00:00","dateModified":"2022-04-28T07:57:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/"},"wordCount":1025,"publisher":{"@id":"https:\/\/www.m-q.ch\/fr\/#organization"},"image":{"@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage"},"thumbnailUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg","keywords":["Checkliste","Cybersicherheit","IT","Supply Chain Management"],"articleSection":["Risikomanagement"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/","url":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/","name":"Supply chain attack: When cyber attacks come via update - MQ Management and Quality","isPartOf":{"@id":"https:\/\/www.m-q.ch\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage"},"image":{"@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage"},"thumbnailUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg","datePublished":"2022-04-14T05:23:17+00:00","dateModified":"2022-04-28T07:57:44+00:00","description":"Attacks on the supply chain for software (and for hardware) - as a supply chain attack - also threaten small and medium-sized enterprises.","breadcrumb":{"@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#primaryimage","url":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg","contentUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2022\/04\/Supply-Chain-Attacke-Wenn-Cyber-Angriffe-per-Update-kommen-1_MQ.jpg","width":680,"height":453,"caption":"Eine Supply-Chain-Attacke ist ein immer h\u00e4ufiger auftretender Fall von Cyber-Angriff und kann f\u00fcr kleine und mittlere Unternehmen zu einer Bedrohung werden. (Bild: Pixabay.com)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.m-q.ch\/supply-chain-attacke-wenn-cyber-angriffe-per-update-kommen\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Risikomanagement","item":"https:\/\/www.m-q.ch\/kategorie\/risikomanagement\/"},{"@type":"ListItem","position":2,"name":"Supply-Chain-Attacke: Wenn Cyber-Angriffe per Update kommen"}]},{"@type":"WebSite","@id":"https:\/\/www.m-q.ch\/fr\/#website","url":"https:\/\/www.m-q.ch\/fr\/","name":"MQ Management and Quality","description":"Platform for integrated management systems.","publisher":{"@id":"https:\/\/www.m-q.ch\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.m-q.ch\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.m-q.ch\/fr\/#organization","name":"Galledia Trade Media AG","url":"https:\/\/www.m-q.ch\/fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png","contentUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png","width":512,"height":512,"caption":"Galledia Fachmedien AG"},"image":{"@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ManagementUndQualitaet","https:\/\/www.linkedin.com\/showcase\/17982321\/admin\/"]},{"@type":"Person","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/a8711938b1cfb3f056dec70eaa0b42ab","name":"Thomas Bernard","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/faea7857408f70478f976d576da10f96?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/faea7857408f70478f976d576da10f96?s=96&d=mm&r=g","caption":"Thomas Berner"},"url":"https:\/\/www.m-q.ch\/en\/author\/thomas-berner\/"}]}},"_links":{"self":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts\/16143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/comments?post=16143"}],"version-history":[{"count":1,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts\/16143\/revisions"}],"predecessor-version":[{"id":16146,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts\/16143\/revisions\/16146"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/media\/16144"}],"wp:attachment":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/media?parent=16143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/categories?post=16143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/tags?post=16143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}