The article explains how AWS and Checkmarx collaborate to help financial services firms secure cloud-native applications and speed secure development, while emphasizing OSS supply chain risk management. It highlights three trends—customer experience, ecosystem-based banking with APIs, and cyber event recovery—and promotes SBOM-based tooling to defend banking software.
Key points
- Banks are migrating to cloud-native development and need security integrated into DevOps to maintain speed and safety.
- AWS and Checkmarx offer an integrated AppSec approach to secure cloud-native applications and accelerate secure delivery.
- Trend 1: Customer experience is the commercial battleground, driven by AI/ML, voice authentication, sentiment analysis, chatbots, and embedded finance.
- Trend 2: Ecosystem-based banking and banking-as-a-service place APIs at the center, enabling open banking and third-party distribution.
- Trend 3: Cyber event recovery focuses on reducing the attack surface and meeting regulatory requirements, supported by AWS security tools and Checkmarx AppSec.
- Checkmarx’s SCA and SBOM capabilities help identify and manage OSS supply chain risks within modern CI/CD workflows.
MITRE Techniques
- [T1195] Supply Chain Compromise – The article discusses targeted OSS supply chain attacks against the banking sector and the need to secure OSS supply chains with SBOMs; as stated, the attacks are the “first-known targeted OSS supply chain attacks against the banking sector.”
Indicators of Compromise
- No IOCs are provided in the article.
Read more: https://checkmarx.com/blog/first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector/