Speakers
Synopsis
In an era where software supply chain attacks have become sophisticated "cyber weapons," Australian organisations and government agencies face an unprecedented challenge: How do infosec teams gain insight into this new threat type? Attacks on the software supply chain are increasing by over 700% every year, and this year saw a global “near miss” with the XZ utils attack which almost made its way into every Mac and Linux operating system on early.
This presentation will explore the urgent need for investing in robust threat intelligence specifically tailored to identify software supply chain vulnerabilities.
Key points to be covered:
- The evolution of software supply chain attacks into complex, multi-staged ""cyber weapons"" designed for long-term persistence and modular in nature
- The global landscape of threat actors, including nation-states and advanced APT groups, actively deploying these cyber weapons
- Case studies of significant supply chain attacks, such as the XZ utils incident, and their potential impact on Australian companies, government and critical infrastructure
- The current lack of visibility into software delivery processes in most organisations, leaving them vulnerable to undetected attacks
- How organisations can build threat intel capability and learn to “hunt forward” for software supply chain threats
This presentation will argue that investing in specialised threat intelligence is no longer optional but a critical necessity for Australian entities. By understanding the components of these cyber weapons - malicious packages and containers, malicious GitHub apps, malicious CDNs, fake software developers collaborating on open-source projects - organisations can better protect their digital assets and intellectual property.
We will discuss strategies for developing internal capabilities, partnering with experts, and integrating this intelligence into existing cybersecurity frameworks. The goal is to equip Australian organizations with the knowledge and tools needed to proactively defend against these evolving threats, ensuring the resilience of our national digital infrastructure.
