Ow, chain freeze!
IT Brew // Morning Brew // Update
Software supply-chain cyberattacks more than doubled last year.
September 04, 2024


Wonderful Wednesday! Gen Z isn’t driving as much as prior generations, though they are driving more than they were five years ago (possibly due to some of them reaching the legal driving age).

In today’s edition:

Chain-smokers

Lock, socks, and peril

Suite moves

Brianna Monsanto, Tom McKay, Eoin Higgins

CYBERSECURITY

(Supply) chain reaction

Mouse clicker arrows attacking monitors. Anna Kim

Bad actors have pumped the brakes when it comes to software supply-chain cyberattacks, but are continuing to accrue a hefty victim list.

Newly published data presented by data analytics platform Stocklytics shows that only 590 software packages were affected by a supply-chain attack in 2024, a 98% decrease from the year prior.

Comparitech data on worldwide supply-chain attacks provides more color on the nature of these attacks. Social engineering was the most common form of attack on suppliers during software supply-chain incidents this year. Joe Saunders, founder and CEO of RunSafe Security, told IT Brew that the attack form has been a problem and will “continue to be a problem.”

“You can just imagine how easy [it is] for somebody to click on a message they received either in social media or an email, not realizing that it’s a result of some kind of software attack that comes from it,” Saunders said.

Meanwhile, open-source code was most likely to be an attack target in software supply-chain attacks in 2024.

Read the rest here. BM


CYBERSECURITY

Locked in

Analyst1 chief security strategist Jon DiMaggio. Illustration: Francis Scialabba

Human intelligence gathering isn’t typically a need-to-know skill in cybersecurity. But it is for Analyst1 Chief Security Strategist Jon DiMaggio, who befriended—and then doxxed—the leader of LockBit.

At DEF CON 32 in Las Vegas, DiMaggio told attendees how he spent years infiltrating the ransomware gang using numerous sock puppet accounts. After burning those personas in a January 2023 report on his findings, DiMaggio was even able to keep up a relationship with the gang’s leader, “LockBitSupp,” under his real name.

When US authorities identified and charged a Russian national named Dmitry Khoroshev as LockBitSupp in May 2024—and the UK’s National Crime Agency (NCA) seized LockBit’s site with an international task force, Operation Cronos—DiMaggio already knew his name. IT Brew caught up with DiMaggio after his talk to discuss the role of human intelligence in cybersecurity, why it works, and the war on ransomware.

This interview has been edited for length and clarity.

This kind of human intelligence, does it have a role in more typical security work, or is it primarily for these more bespoke things that you’re able to do?

I will say, there’s a lot of risk that goes in with the human side…Personal exposure, threats of everything from swatting, to acts of violence, to doxxing you and putting all your personal information out there.

Read more here. TM

IT OPERATIONS

Revolving door

Controller to CFO promotion Dny59/Getty Images

Summer break is over, but the tech C-suite didn’t take time off. Here’s who’s in and out for August.

Steve Hagerman joins Truist as new CIO

Truist Financial announced Aug. 8 that Steve Hagerman will join the company as CIO on Oct. 28. Hagerman, currently Wells Fargo CIO of consumer technology, has 25 years of tech experience, including over 17 years at JP Morgan Chase in a variety of engineering and other tech-heavy roles.

At Truist, Hagerman will head up the financial institution’s enterprise team, focusing on security, AI, and data and analytics, among other concerns.

Berta Rodriguez-Hervas is new AI chief at Pfizer

Pfizer, perhaps looking to inoculate its business from cyber competition, chose Berta Rodriguez-Hervas as the company’s new chief AI and analytics officer. Rodriguez-Hervas’s appointment was announced Aug. 12 in a LinkedIn post by Pfizer CTO Lidia Fonseca, who wrote the new executive “has an extensive background in AI, machine learning, and analytics, with a track-record of quickly developing AI solutions and delivering them at scale in large global organizations.”

Rodriguez-Hervas was most recently VP of AI, algorithms, and ML ops at Stellantis, a position she held for over two years. She worked with Nvidia for more than four years and Tesla for a little over two years.

Keep reading here. EH


PATCH NOTES

Picture of data with "Clean Me" written on it + bottle of cleaner in front of it, Patch Notes Francis Scialabba

Today’s top IT reads.

Stat: 5%. That’s the agriculture sector’s share of the US economy, which means that potential cyberattacks could cause untold damage. (The Record)

Quote: “There hasn’t been a thrust to translate all the communication and navigation infrastructure that exists on Earth to anywhere else in the solar system—until now.”—NIST physicist Bijunath Patla on moon GPS…Yes, moon GPS (Wired)

Read: Employees at 900 Office Depot stores are getting a personal generative AI assistant to help them answer customers’ questions. (CIO Dive)


Copyright © 2024 Morning Brew. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011
