RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community
April 14, 2026

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why
Skip to main content
Contact UsSupportLoginBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsRL at RSAC
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
AppSec & Supply Chain SecuritySeptember 13, 2023

IoT and the supply chain: The road to securing devices

In this episode of ConversingLabs, recorded on the sidelines of Black Hat in Las Vegas, NetRise CEO Thomas Pace talks about supply chain threats to the Internet of Things (IoT).

smiling woman with glasses
Carolynn van Arsdale, Writer, ReversingLabs.Carolynn van Arsdale
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
IoT and the supply chain: The road to securing devices

In May, researchers at Microsoft discovered that a threat group known as Volt Typhoon, which is sponsored by the nation-state of China, was targeting U.S. critical infrastructure (CI) using living-off-the-land techniques. To gain initial access to targeted systems, attackers used internet-facing Fortinet Fortiguard security devices, which are meant to protect Internet of Things (IoT) devices.

Despite that, the Volt Typhoon attackers abused that hardware to do the exact opposite of what it was supposed to do. The result: Organizations in critical sectors like transportation, construction, government, information technology, and more were compromised.

Threats to the growing Internet of Things aren’t new. The FBI’s Internet Crime Complaint Center (IC3) issued a warning about IoT threats in 2015. A year later, in 2016, Mirai — a botnet made up of hundreds of thousands of compromised IoT devices — was linked to large scale distributed denial of service (DDoS) attacks.

See ConversingLabs interview: Modern Risks to the Internet of Things and Software Supply Chains

Security as an afterthought for IoT: No more

Despite these incidents, cybersecurity has remained an afterthought in the IoT space. The gap in the protection of IoT devices is what NetRise co-founder and CEO Thomas Pace is trying to solve for. His company works with organizations to better assess the cybersecurity of firmware and the devices that run it.

Pace believes that taking the time to unpack, reverse engineer and analyze firmware is the best way to ensure that organizations are protected from threat actors targeting embedded devices and are not flying blind when it comes to IoT risk. Based on what he has seen in this market, this is a must-have capability. Customers that rely on manufacturers to alert them to vulnerabilities or risks in their IoT devices may struggle to stay on top of scores or hundreds of vendor connections and find they are on the back foot when new IoT threats and attacks emerge.

Watch and learn with ConversingLabs

Recently, Pace visited the ReversingLabs booth at Black Hat USA and chatted with ConversingLabs host Paul Roberts. In this conversation, Pace gives an overview of the problems facing IoT devices, and the extent to which IoT devices can be abused. Pace also talks about how threat actors are expanding malicious campaigns to include attacks on IoT software supply chains.

See the full ConversingLabs episode with Pace, Modern Risks to the Internet of Things and Software Supply Chains, or listen to it wherever you get your podcasts.

Keep learning

  • Get up to speed on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar to discussing the findings.
  • Learn why binary analysis is a must-have in the Gartner® CISO Playbook for Commercial Software Supply Chain Security.
  • Take action on securing AI/ML with our report: AI Is the Supply Chain. Plus: See RL's research on nullifAI and watch how RL discovered the novel threat.
  • Get the report: Go Beyond the SBOM. Plus: See the CycloneDX xBOM webinar.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Tags:AppSec & Supply Chain Security

More Blog Posts

Developer in action

GitHub breach: The development ecosystem is in the hot seat

This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.

Learn More about GitHub breach: The development ecosystem is in the hot seat
GitHub breach: The development ecosystem is in the hot seat
Robot Army

AI agents are the new insider threat

AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.

Learn More about AI agents are the new insider threat
AI agents are the new insider threat
Open Sign

Shai-Hulud code drop: It’s open season for attacks

The npm malware's public release provides a ready-made blueprint for threat actors. Take action on supply chain security.

Learn More about Shai-Hulud code drop: It’s open season for attacks
Shai-Hulud code drop: It’s open season for attacks
AI infrastructure

Think AI agents are risky? Your underlying stack is too

To manage agentic AI risk, organizations need to focus more on the infrastructure they run on.

Learn More about Think AI agents are risky? Your underlying stack is too
Think AI agents are risky? Your underlying stack is too

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top