Understanding Supply Chain Attacks Threat Landscape, Ifigeneia Lella ENISA

The presentation aims at highlighting the key observations and major findings described/illustrated in the ENISA “Threat Landscape for Supply Chain Attacks” report that was published in July 2021. The report provides a mapping and analysis of 24 supply chain attacks based on incidents identified and reported from January 2020 to early July 2021, along with their classification based on a proposed taxonomy of their key characteristics and techniques. The analysis answers the questions: what are the most common attack techniques being used in supply chain attacks, what are the main customer assets that attackers are after and which is the relationship between attacks and assets targeted.