SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company’s servers along with those at federal agencies and tech giants including Microsoft and Intel.

“It was similar to a fraternity rush – the best experience I never want to do again,” Scales, head of incident response at Mandiant, told The Register. “It was quite intense. Little did we know we were going to be in the middle of the supply-chain attack of the decade.”  

This, of course, was SolarWinds attack, which has since been attributed to Russia’s Cozy Bear gang, and in addition to being the most high-profile supply-chain breach, it was also during the COVID-19 lockdown, so the IR team’s war room was entirely virtual.  

More than two years later, “I don’t think we’ve improved much at all,” he said. “It seems that supply chain attacks are just on the rise.” And these days, criminals are especially keen on attacking open source software libraries, he noted.

Still, there are valuable lessons to be learned from SolarWinds, and Scales has some good tips on how companies can protect themselves and what organizations should do if they find themselves in a similar situation.

As Scales told us: “This problem is not going away — it’s just going to get bigger.” ®