{"id":32783,"date":"2025-09-20T15:21:52","date_gmt":"2025-09-20T08:21:52","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=32783"},"modified":"2025-09-27T10:23:34","modified_gmt":"2025-09-27T03:23:34","slug":"supply-chain-attack-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/supply-chain-attack-la-gi\/","title":{"rendered":"What Is a Supply Chain Attack? Causes, Methods &#038; Prevention"},"content":{"rendered":"<p>Businesses today depend on a vast software ecosystem, and a new threat has emerged that causes incalculable damage: the supply chain attack. But <a href=\"https:\/\/interdata.vn\/blog\/supply-chain-attack-la-gi\/\"><strong>what is a supply chain attack<\/strong><\/a>, what <strong>causes<\/strong> lead to one, and <strong>how dangerous<\/strong> is it? Is there a way to defend against it? InterData answers these questions in this article.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Supply-Chain-Attack-la-gi\"><\/span>What is a supply chain attack?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>A supply chain attack is one in which an attacker targets a weak link in the process of producing and distributing software or hardware<\/strong>. 
Their target is not the end company itself but a supplier, a partner, or a third-party service that the company trusts and uses.<\/p>\n<p>When an attacker inserts malicious code into a supplier's product, the code spreads automatically to every customer who updates or installs that product. The result is a wide-scale attack whose consequences are far more severe than those of an ordinary cyberattack.<\/p>\n<figure id=\"attachment_32785\" aria-describedby=\"caption-attachment-32785\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32785\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Supply-Chain-Attack-la-gi.jpg\" alt=\"What is a supply chain attack\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Supply-Chain-Attack-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Supply-Chain-Attack-la-gi-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Supply-Chain-Attack-la-gi-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32785\" class=\"wp-caption-text\">What is a supply chain attack?<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Doi-tuong-nao-de-bi-tan-cong-supply-chain\"><\/span>Who is vulnerable to supply chain attacks?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Although major attacks usually target giant technology corporations, no organization is completely immune.<\/p>\n<ul>\n<li><strong>Technology companies:<\/strong> This group is the primary target because it produces and distributes the software and services that millions of users trust.<\/li>\n<li><strong>Financial institutions:<\/strong> Banks, insurance companies and other financial institutions are also lucrative targets because they hold large volumes of sensitive customer data.<\/li>\n<li><strong>Government agencies:<\/strong> Government agencies often use specialized software and are targets of politically motivated attacks.<\/li>\n<li><strong>Small and medium-sized businesses:<\/strong> This group is also at high risk, especially when it uses a lot of external software without a dedicated cybersecurity team.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Nguyen-nhan-de-bi-tan-cong-Supply-Chain\"><\/span>Causes of vulnerability to supply chain attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div>\n<p>So what are the main reasons that <strong>supply chain attacks<\/strong> have become a major threat?<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1-Lo-hong-bao-mat-tu-cac-nha-cung-cap\"><\/span><strong>1. Security vulnerabilities at suppliers<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Many companies, especially small businesses, may lack the resources or expertise to maintain a robust cybersecurity posture. This gives attackers an opportunity to insert malicious code into their software or services.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2-Quan-ly-vendor-kem\"><\/span><strong>2. Poor vendor management<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Businesses often do not vet their third-party suppliers thoroughly. Blind trust in commercial or open-source software without a clear risk assessment process is one of the main reasons.<\/p>\n<figure id=\"attachment_32786\" aria-describedby=\"caption-attachment-32786\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32786\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Nguyen-nhan-dan-den-Supply-Chain-Attack.jpg\" alt=\"Causes of supply chain attacks\" width=\"800\" height=\"500\" title=\"\" 
srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Nguyen-nhan-dan-den-Supply-Chain-Attack.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Nguyen-nhan-dan-den-Supply-Chain-Attack-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Nguyen-nhan-dan-den-Supply-Chain-Attack-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32786\" class=\"wp-caption-text\">Causes of supply chain attacks<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"3-Thieu-giam-sat-bao-mat-lien-tuc\"><\/span><strong>3. Lack of continuous security monitoring<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Companies often focus on protecting their internal systems and neglect to monitor external components, including libraries, frameworks and open-source software. This creates a <strong>blind spot<\/strong> in their security, leaving them unable to detect malicious code inserted from outside.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4-Cap-nhat-va-loi-cham\"><\/span><strong>4. Slow patching<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When new vulnerabilities are discovered, suppliers need to release patches quickly. 
However, if end users do not update promptly, their systems remain vulnerable. This is another <strong>weak link<\/strong> in the chain.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"5-Con-nguoi-nhan-thuc-bao-mat-yeu\"><\/span>5. People &amp; weak security awareness<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Employees lack cybersecurity knowledge and are easily fooled by phishing or social engineering, and leadership has not invested adequately in supply chain security.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cach-thuc-tan-cong-cua-supply-chain\"><\/span><strong>How a supply chain attack works<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To better understand <strong>how a supply chain attack<\/strong> operates, let's walk through each step of the process with InterData.<\/p>\n<p><strong>Step 1: The attacker looks for a weakness in a software supplier or library.<\/strong><\/p>\n<p>The attacker does not go after the target company directly but looks for a reputable supplier that has a large customer base and weaker security. 
For example, they may target companies that make widely used software, open-source platforms, or even source code hosting services.<\/p>\n<p><strong>Step 2: Malicious code, a backdoor or malware is inserted into a legitimate product.<\/strong><\/p>\n<p>Once inside, the attacker subtly inserts malicious code into the product's source code. This code may be a <strong>backdoor<\/strong> that allows remote access, <strong>spyware<\/strong> that collects data, or <strong>ransomware<\/strong> that encrypts data later.<\/p>\n<p><strong>Step 3: The compromised software is distributed to customers.<\/strong><\/p>\n<p>This is the most dangerous step in <strong>how a supply chain attack works<\/strong>. When the supplier releases an update or a new version, every customer using the product automatically downloads the malicious code and installs it on their own systems. 
Because the software comes from a trusted source, internal security systems often overlook or fail to detect the malicious code.<\/p>\n<p><strong>Step 4: The malicious code is activated, causing wide-scale consequences.<\/strong><\/p>\n<p>Once the malicious code sits in the systems of many customers, the attacker can activate it at will to steal data, extort money, or use system resources for illegal purposes.<\/p>\n<div>\n<h2><span class=\"ez-toc-section\" id=\"Cac-dang-Supply-Chain-Attack-pho-bien-hien-nay\"><\/span>Common types of supply chain attack today<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>Supply chain attacks<\/strong> are not limited to software. Based on their nature and target, cybersecurity experts usually classify supply chain attacks into three main types.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1-Tan-cong-vao-phan-memphan-cung\"><\/span><strong>1. Attacks on software\/hardware<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the most common type. 
The attacker inserts malicious code into software source code, hardware firmware, or open-source libraries. For example, a recent attack on a source code management software company caused malicious code to spread to more than 1,000 other software development projects.<\/p>\n<figure id=\"attachment_32787\" aria-describedby=\"caption-attachment-32787\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32787\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-Supply-Chain-Attack-pho-bien.webp\" alt=\"Common types of supply chain attack\" width=\"800\" height=\"400\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-Supply-Chain-Attack-pho-bien.webp 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-Supply-Chain-Attack-pho-bien-300x150.webp 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-Supply-Chain-Attack-pho-bien-768x384.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32787\" class=\"wp-caption-text\">Common types of supply chain attack<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"2-Tan-cong-vao-quy-trinh-process\"><\/span><strong>2. Attacks on the process<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The attacker targets stages of the production or distribution process. 
They may tamper with the servers that host updates, take over a developer's account to publish a malicious update, or alter installation files before they reach users.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3-Tan-cong-vao-con-nguoi\"><\/span><strong>3. Attacks on people<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This type of supply chain attack uses social engineering, such as <strong>phishing<\/strong>, to take over the account of an employee in the supply chain. Once they have access, the attackers can use that account to insert malicious code or carry out other sabotage.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Vi-du-ve-cac-cuoc-tan-cong-chuoi-cung-ung-Supply-Chain\"><\/span>Examples of supply chain attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Recently, supply chain attacks by hackers have led to many serious incidents that drew wide attention. 
In each of the examples below, the systems or software of trusted suppliers were compromised.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dependency-confusion-2021\"><\/span>Dependency confusion, 2021<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In 2021, a security researcher managed to break into the systems of Microsoft, Uber, Apple and Tesla. The researcher, Alex Birsan, took advantage of the dependencies that applications use to deliver services to end users.<\/p>\n<p>Through these dependencies, Birsan delivered counterfeit but harmless data packets to many high-profile users.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Mimecast-2021\"><\/span>Mimecast, 2021<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In the Mimecast attack, hackers took control of a security certificate used to authenticate Mimecast's services on Microsoft 365 Exchange Web Services. 
Although the number of affected victims was small, about 10% of Mimecast's customers used applications that relied on the compromised certificate.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SolarWinds-2020\"><\/span>SolarWinds, 2020<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The SolarWinds attack was carried out by inserting a backdoor, named SUNBURST, into the Orion IT update tool. The backdoor was downloaded by about 18,000 customers.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"ASUS-2018\"><\/span>ASUS, 2018<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to researchers at Symantec, the attack on ASUS exploited a software update feature and affected about 500,000 systems. In this incident, hackers abused the automatic update feature to install malware on users' systems.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Event-stream-2018\"><\/span>Event-stream, 2018<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In the Event-stream attack, a repository on GitHub was injected with malicious code. 
The malicious dependency in this repository was used by an unknown number of applications.<\/p>\n<p>Although GitHub is not entirely open source, the platform operates as a public hosting service that encourages users to share their solutions with the community.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Hau-qua-khi-bi-tan-cong-supply-chain\"><\/span>Consequences of a supply chain attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The consequences of a supply chain attack are often severe and long-lasting, typically including:<\/p>\n<ul>\n<li>Leakage of important or sensitive information.<\/li>\n<li>Disruption or interruption of business operations, causing production and service losses.<\/li>\n<li>Reduced revenue due to the direct impact on business operations.<\/li>\n<li>Damage to the company's reputation and brand.<\/li>\n<li>Lost investment opportunities due to reduced trust.<\/li>\n<li>Possible legal consequences, such as having to go to court.<\/li>\n<li>When one link in the chain is compromised, the entire system can be threatened: traditional defense mechanisms 
are bypassed and the whole system can collapse.<\/li>\n<\/ul>\n<p>Supply chain attacks also leave businesses open to deep exploitation because attackers take control of software, hardware, or updates from the vendor, leading to intrusion into the wide network of related customers or partners.<\/p>\n<figure id=\"attachment_32788\" aria-describedby=\"caption-attachment-32788\" style=\"width: 770px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32788\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-khi-bi-tan-cong-supply-chain.jpg\" alt=\"H\u1eadu qu\u1ea3 khi b\u1ecb t\u1ea5n c\u00f4ng supply chain\" width=\"770\" height=\"408\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-khi-bi-tan-cong-supply-chain.jpg 770w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-khi-bi-tan-cong-supply-chain-300x159.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-khi-bi-tan-cong-supply-chain-768x407.jpg 768w\" sizes=\"auto, (max-width: 770px) 100vw, 770px\" \/><figcaption id=\"caption-attachment-32788\" class=\"wp-caption-text\">Consequences of a supply chain attack<\/figcaption><\/figure>\n<p>In general, the larger and more complex a business's supply chain, the more serious the risk and consequences of an attack, affecting many industries and sectors such as information technology, healthcare, manufacturing, finance, and 
even government organizations.<\/p>\n<div>\n<h2><span class=\"ez-toc-section\" id=\"Huong-dan-cach-phong-supply-chain-attack-hieu-qua\"><\/span><strong>How to defend against supply chain attacks effectively<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Defending against <strong>supply chain attacks<\/strong> requires a comprehensive, proactive security strategy. Below are the steps InterData recommends to reduce the risk.<\/p>\n<p><strong>1. Vet and assess vendors:<\/strong> Apply strict cybersecurity standards to all third-party vendors. Require them to provide evidence of compliance with standards such as ISO 27001 or SOC 2. This helps you ensure that your partners have trustworthy security processes.<\/p>\n<p><strong>2. 
Use dedicated security tools:<\/strong> To detect vulnerabilities in source code, use tools such as:<\/p>\n<ul>\n<li><strong>SAST (Static Application Security Testing):<\/strong> Analyzes source code statically, helping detect security vulnerabilities early in the development process.<\/li>\n<li><strong>SCA (Software Composition Analysis):<\/strong> Scans open-source and third-party libraries for known vulnerabilities.<\/li>\n<li><strong>DAST (Dynamic Application Security Testing):<\/strong> Simulates attacks against the running application to detect vulnerabilities.<\/li>\n<\/ul>\n<p><strong>3. Build a strict internal process:<\/strong> Create a process to check and verify every library, framework, or piece of software before it is used. 
Limit the use of software that is of unknown origin or outdated.<\/p>\n<figure id=\"attachment_32789\" aria-describedby=\"caption-attachment-32789\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32789\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cach-phong-supply-chain-attack-hieu-qua.jpg\" alt=\"C\u00e1ch ph\u00f2ng supply chain attack hi\u1ec7u qu\u1ea3\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cach-phong-supply-chain-attack-hieu-qua.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cach-phong-supply-chain-attack-hieu-qua-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cach-phong-supply-chain-attack-hieu-qua-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32789\" class=\"wp-caption-text\">How to defend against supply chain attacks effectively<\/figcaption><\/figure>\n<p><strong>4. Train employees and raise awareness:<\/strong> People are an important <strong>link<\/strong> in the chain. 
Provide regular cybersecurity training, especially on how to recognize phishing emails and other threats.<\/p>\n<p>Other effective ways to defend against supply chain attacks include:<\/p>\n<ul>\n<li>Integrate monitoring and response solutions such as SIEM, SOAR, and behavioral analytics to detect anomalies and quickly isolate and respond to attacks.<\/li>\n<li>Continuously monitor and tightly manage third-party access and resources, granting only the permissions that are needed, with strict authentication and authorization processes.<\/li>\n<li>Plan for contingencies, diversify vendors to avoid dependence on a single source, and build a comprehensive emergency response plan for attack scenarios.<\/li>\n<li>Carry out rigorous audits of the supply chain network to detect latent security vulnerabilities early and address them promptly.<\/li>\n<\/ul>\n<p>Defending effectively against supply chain attacks requires a comprehensive strategy, from assessment and technical controls 
to awareness-raising and response planning across the entire system and all stakeholders.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-cong-cu-quet-lo-hong-supply-chain\"><\/span><strong>Supply chain vulnerability scanning tools<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To help businesses defend against <strong>supply chain attacks<\/strong>, many dedicated tools have been developed.<\/p>\n<ul>\n<li><strong>Snyk:<\/strong> Known for analyzing open-source libraries and automatically detecting vulnerabilities. Snyk integrates directly into the development pipeline (CI\/CD) to provide real-time alerts.<\/li>\n<li><strong>Black Duck (Synopsys):<\/strong> One of the leading SCA tools, providing comprehensive visibility into the open-source components in an application and their associated vulnerabilities.<\/li>\n<li><strong>SonarQube:<\/strong> Performs static source code analysis, helping find security vulnerabilities and code defects right from the development stage.<\/li>\n<\/ul>\n<p>Combining these tools into the security process helps businesses build a solid &#8220;fence&#8221; and reduce the risk from <strong>supply chain 
attacks<\/strong>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cau-hoi-thuong-gap-ve-supply-chain-attack-FAQs\"><\/span><strong>Frequently asked questions about supply chain attacks (FAQs)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1-Tai-sao-supply-chain-attack-lai-nguy-hiem-hon-cac-cuoc-tan-cong-khac\"><\/span><strong>1. Why are supply chain attacks more dangerous than other attacks?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Supply chain attacks<\/strong> are more dangerous because they spread through a <strong>trusted channel<\/strong>. Users and security systems usually do not suspect an update from a reputable vendor, so malicious code can evade traditional defense mechanisms and spread widely. Moreover, an attacker only needs to find a single weak point to cause damage to a large number of targets.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2-Lam-the-nao-de-biet-he-thong-cua-toi-co-bi-tan-cong-khong\"><\/span><strong>2. How do I know whether my system has been attacked?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The signs of a <strong>supply chain attack<\/strong> can be very hard to recognize. 
However, some anomalies may include:<\/p>\n<ul>\n<li>Unexpected network connections to unfamiliar servers.<\/li>\n<li>System files changed for no clear reason.<\/li>\n<li>A sudden drop in system performance.<\/li>\n<li>Reports from security systems (for example, SIEM) showing suspicious activity.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"3-Mot-doanh-nghiep-nho-can-lam-gi-de-bao-ve-minh\"><\/span>3. What should a small business do to protect itself?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Even without a large budget, a small business can still reduce its risk:<\/p>\n<ul>\n<li><strong>Make a list of all third-party software and services in use<\/strong>: This helps you understand your own &#8220;supply chain&#8221;.<\/li>\n<li><strong>Assess the risk from vendors<\/strong>: Learn about their security policies.<\/li>\n<li><strong>Update regularly<\/strong>: Always install patches and software updates as soon as they are released.<\/li>\n<li><strong>Use free\/affordable tools<\/strong>: There are many open-source vulnerability management tools 
(for example, Dependency-Track) that can help you check external components.<\/li>\n<li><strong>Train employees<\/strong>: Raising awareness of online threats is an important layer of protection.<\/li>\n<\/ul>\n<p>Based on the analysis above, supply chain attacks are no longer an abstract threat but a real, present risk for every business, large or small. They require a new security approach, one that is not confined within the company's four walls but extends to the entire ecosystem of vendors and partners.<\/p>\n<p>Instead of focusing only on protecting internal assets, businesses must start managing external risk by applying strict controls, using dedicated tools, and raising the team's awareness.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Today businesses depend on a vast software ecosystem, and a new threat has emerged that causes incalculable damage: supply chain 
attacks. But what is a Supply Chain Attack, what causes Supply Chain attacks, and<\/p>\n","protected":false},"author":11,"featured_media":32791,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-32783","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=32783"}],"version-history":[{"count":5,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32783\/revisions"}],"predecessor-version":[{"id":33612,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32783\/revisions\/33612"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/32791"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=32783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=32783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=32783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}