# 2018 Predictions & Recommendations: The Era of Software Supply-Chain Attacks Has Begun

By [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson"), Dec 18, 2017

Tags: [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [2018 Predictions & Recommendations](https://www.paloaltonetworks.com/blog/tag/2018-predictions-recommendations/?ts=markdown), [Supply Chain](https://www.paloaltonetworks.com/blog/tag/supply-chain/?ts=markdown), [threat](https://www.paloaltonetworks.com/blog/tag/threat/?ts=markdown)

*This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.*

The idea that users might unknowingly trust software that has been secretly compromised is more than 30 years old, dating back to Ken Thompson's [Reflections on Trusting Trust](http://vxer.org/lib/pdf/Reflections%20on%20Trusting%20Trust.pdf), published in 1984. When we choose to execute a program on any kind of computer, we are choosing to trust that none of the people who played a role in creating, packaging and delivering that software has malicious intent or has been compromised themselves.

In the past two years, we have seen multiple compromises of the "software supply chain" that delivers trusted software and updates to our systems for execution, and the impact of those compromises has continued to escalate. A few examples we have noted in that time:

* September 2015 -- [XcodeGhost](https://www.paloaltonetworks.com/blog/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/?ts=markdown): An attacker distributed a tampered copy of Apple's Xcode (the toolchain used to build iOS and macOS applications) that silently injected additional code into every iOS app built with it. Developers who used it unknowingly shipped the injected code; eventually, thousands of compromised apps were identified in Apple's App Store.
* March 2016 -- [KeRanger](https://www.paloaltonetworks.com/blog/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/?ts=markdown): The installer of Transmission, a popular open source BitTorrent client, was modified to include macOS ransomware. The attackers compromised the legitimate servers used to distribute Transmission, so users who downloaded and installed the program from the official source were infected with malware that held their files for ransom.
* June 2017 -- [NotPetya](https://www.paloaltonetworks.com/blog/2017/06/unit42-threat-brief-petya-ransomware/?ts=markdown): Attackers compromised a Ukrainian software company and distributed a destructive payload with network-worm capabilities through an update to its "MeDoc" financial software. After infecting systems running that software, the malware spread to other hosts on the network and caused worldwide disruption affecting many organizations.

In each case, rather than targeting an organization directly through phishing or exploitation of vulnerabilities, the attackers compromised the developer, build tooling or distribution channel of software the victims already trusted, and used that trust to reach other networks. This is effective at evading prevention and detection controls that have been tuned to trust well-known programs: the malicious code arrives through the same channel, and often under the same name, as a legitimate update.

I predict that, in 2018, both the frequency and severity of these attacks will increase. Software supply-chain attacks remind us how important it is to build a well-defended network with visibility at every point in the attack lifecycle and the ability to identify and stop activity that has strayed from the norm. I suggest organizations prepare for this new era of attacks by investigating how their people, process and technology would defend them if their trusted software suddenly turned into malware through an automated update.
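As an added illustration of that closing recommendation (example code written for this page, not Unit 42 tooling and not derived from any of the incidents above), the script below baselines which child processes a trusted auto-updater normally spawns during a known-good period, then flags any child outside that baseline together with every descendant of the flagged process. All of the telemetry is constructed: the updater name `acmeupdate.exe`, the pids, paths and command lines are hypothetical and stand in for whatever software your inventory says is allowed to update itself.

```python
import re
from collections import defaultdict

# Constructed process-creation events (not real logs from any incident). One event per
# line. `acmeupdate.exe` is a hypothetical trusted auto-updater; every pid, path and
# command line below is made up for this example.
BASELINE_LOG = """\
2017-06-20T09:00:00 pid=400 ppid=100 image=acmeupdate.exe cmd="acmeupdate.exe /check"
2017-06-20T09:00:03 pid=401 ppid=400 image=msiexec.exe cmd="msiexec.exe /i acme-1.2.msi /qn"
2017-06-20T09:00:09 pid=402 ppid=400 image=acme.exe cmd="acme.exe --restart"
2017-06-21T09:00:00 pid=410 ppid=100 image=acmeupdate.exe cmd="acmeupdate.exe /check"
2017-06-21T09:00:09 pid=412 ppid=410 image=acme.exe cmd="acme.exe --restart"
"""

# Constructed "update day" events: the updater now also launches rundll32 on a file in a
# temp directory, which in turn spawns a shell and a scheduled-task creation.
OBSERVED_LOG = """\
2017-06-27T10:00:00 pid=500 ppid=100 image=acmeupdate.exe cmd="acmeupdate.exe /check"
2017-06-27T10:00:04 pid=501 ppid=500 image=acme.exe cmd="acme.exe --restart"
2017-06-27T10:00:05 pid=502 ppid=500 image=rundll32.exe cmd="rundll32.exe C:\\Windows\\Temp\\upd.dat,#1"
2017-06-27T10:00:07 pid=503 ppid=502 image=cmd.exe cmd="cmd.exe /c schtasks /create /tn upd /sc once"
2017-06-27T10:00:08 pid=504 ppid=503 image=schtasks.exe cmd="schtasks /create /tn upd /sc once"
2017-06-27T10:05:00 pid=600 ppid=100 image=explorer.exe cmd="explorer.exe"
2017-06-27T10:05:01 pid=601 ppid=600 image=cmd.exe cmd="cmd.exe"
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) image=(?P<image>\S+) cmd="(?P<cmd>.*)"$'
)

# Hypothetical allow-list of programs permitted to update themselves; populate from your
# own software inventory.
TRUSTED_UPDATERS = {"acmeupdate.exe"}


def parse_events(log_text):
    """Parse the constructed log format into dicts, skipping lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["ppid"] = int(d["ppid"])
            events.append(d)
    return events


def build_baseline(events):
    """Map each parent image to the set of child images it spawned during a known-good period."""
    image_by_pid = {}
    baseline = defaultdict(set)
    for e in events:
        image_by_pid[e["pid"]] = e["image"]
        parent = image_by_pid.get(e["ppid"])
        if parent is not None:
            baseline[parent].add(e["image"])
    return baseline


def find_deviations(events, baseline, trusted):
    """Alert on any child a trusted updater never spawned in the baseline, and on every
    descendant of such a child. The taint follows the process tree, so the cmd.exe and
    schtasks.exe chain under rundll32 is caught even though cmd.exe is normal under
    explorer.exe. Returns (timestamp, pid, image, reason) tuples in event order."""
    image_by_pid = {}
    tainted = set()
    alerts = []
    for e in events:
        image_by_pid[e["pid"]] = e["image"]
        parent = image_by_pid.get(e["ppid"])
        if e["ppid"] in tainted:
            reason = "descendant of flagged process"
        elif parent in trusted and e["image"] not in baseline.get(parent, set()):
            reason = f"unbaselined child of trusted updater {parent}"
        else:
            continue
        tainted.add(e["pid"])
        alerts.append((e["ts"], e["pid"], e["image"], reason))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(parse_events(BASELINE_LOG))
    for ts, pid, image, reason in find_deviations(parse_events(OBSERVED_LOG), baseline, TRUSTED_UPDATERS):
        print(f"{ts} pid={pid} {image}: {reason}")
```

Keying the baseline on image name alone is deliberately simple; production telemetry should key on full path, signer and file hash, and handle pid reuse. The structural point is what matters: a control that exempts a known program from inspection because it is known cannot see the moment that program starts doing something new, so the baseline has to describe behaviour, not identity.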