To access material, start machines and answer questions login.
Set up your virtual environment
Supply chain attacks are a rising threat in cyber security, targeting the trusted parts of software development. Instead of attacking a company directly, attackers go after third-party components like libraries, packages, or services that many applications rely on. These attacks are particularly dangerous because they can spread quickly to many applications and often remain unnoticed until significant damage is done. A simple example is downloading an update for your favourite software from the attacker-controlled domain.
A recent supply chain attack on Lottie Player was carried out using a developer's compromised access token. The attacker's main objective was to trick web users accessing a compromised player into connecting their crypto wallets so that they could steal funds.
Learning Objectives
- Workings of a supply chain attack
- How to exploit a supply chain attack
- Protection and mitigation measures
Room Prerequisites
Understanding the following topics is recommended before starting the room:
Connecting to the Machine
You can start the lab machine by clicking Start Lab Machine. The machine will start in a split-screen view. If the VM is not visible, use the blue Show Split View button at the top of the page. Please wait 1-2 minutes after the system boots completely to let the auto scripts run successfully. When the lab machine starts, click on the Start AttackBox (AB) button at the top of the page, as the AB is required to complete the exercises.
Let's begin!
Ready to learn Cyber Security?
The Supply Chain Attack: Lottie room is only available for Premium or Max subscribers. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in

