Author/Source: Tonya Riley
Takeaway
This article is about a cyberattack named “Shai Hulud” that targeted common pieces of software. You will learn how attackers hid harmful code inside popular tools used by many other computer programs.
Technical Subject Understandability
Intermediate
Analogy/Comparison
Imagine a company that makes toys. If someone secretly puts a harmful chemical into a basic plastic part used in many different toys, then all the toys made with that part become unsafe.
Why It Matters
This type of attack is important because it can secretly spread bad code to many computer systems at once. For example, if a developer used an infected software package, the attackers could gain a secret way into their computer systems and steal information.
Related Terms
Software supply chain attack, npm, Packages, Dependencies, Malware, Backdoor.
Jargon Conversion
A software supply chain attack hides harmful code inside a small piece of software that many other programs use.
npm is a popular online library where programmers share and use small pieces of JavaScript code.
Packages are small, reusable pieces of computer code or software.
A dependency is a specific piece of software or code that another computer program needs in order to work correctly.
Malware is software designed to harm or secretly access a computer system.
A backdoor is a secret way for an unauthorized person to get into a computer system.

