BluBracket explains to Government Info Security how since malware is being covered, hackers have moved on to code.
“Hackers have increasingly focused on finding legitimate credentials and/or injecting backdoors into code, says Casey Bisson, head of product and developer relations at BluBracket, a Palo Alto-based code security solution provider.
It’s the prime reason behind Gartner’s prediction that by 2025, 45% of companies will have experienced an attack on their software supply chain.
Bisson says that in addition to phishing and credential stuffing, undisclosed backdoors, default credentials and vulnerabilities in code are some of the most heavily exploited chinks in the armor.
Explaining why code is the largest and least protected attack vector, he says hackers scour public code repositories looking for code vulnerabilities or credentials that give them initial access and evade tools that focus on malware detection. This, he says, is why companies are always “playing whack-a-mole with hackers.”