Resistance is Futile – The Undefendable Supply-Chain Attack
===

:::info
- **Date:** Oct.29th 11:00-11:40
- **Speaker:** Sung-Ting_Tsai, Linda_Kuo
- **Category:** CyberCrime - Main Track

> Whilst the world is suffering from cyber-attacks, a trend of a large-scale massacre is taking the world by storm. This year in March, the invasion against Asus, one of the largest computer and phone hardware manufacturers, hit the headlines of worldwide media. This event becomes one of the most tremendous supply chain attacks in history and reveals the enormous threats hidden in the supply chain system nowadays.
>
> In essence, the problem of supply chain attacks resides in the trust of end users in their suppliers. By granting an update request (or sometimes unconsciously), some malware will be downloaded and implanted in the end user's device. Furthermore, the digital certificate, the token of authenticity, is often exploited. Such a violation of the trust system makes supply chain attacks almost impossible to defend.
>
> We have been tracking several serious Supply-Chain attacks for years, especially those attacks in Korea, Japan and Taiwan. In the first part of the speech, we are going to disclose details of these incidents, including Winter Olympics, EmEditor, Garena (online game), CCleaner, Asus, etc., with their root cause and lessons learned. Many of the cases were investigated directly or assisted by the analysts of TeamT5. In the second part of the speech, we will try to find those blind spots in cyber defense, and share a strategy to effectively shield from supply-chain attacks.
:::

- Solution to Supply Chain attack

###### tags: `CODEBLUE2019`,`CODEBLUE`