Open-source code fuels rise in supply chain cyberattacks

Share post:

Recent research highlights a concerning trend in cybersecurity: the increasing use of open-source code and legitimate hacking tools in software supply chain attacks. These attacks, once rare and complex, have become more popular among various malicious actors, from nation-state groups to lower-level cybercriminals.

In 2023, there was a notable rise in the sharing of open-source tools and resources among attackers, making it easier to execute these sophisticated attacks. This collaboration has effectively lowered the barrier to entry for software supply chain attacks, as reported by cybersecurity company ReversingLabs. The company found a 28% increase in malicious packages across major open-source repositories in the first nine months of 2023 compared to the same period in 2022.

These malicious packages often contain code that helps hackers create backdoors, spread malware, and facilitate trojan horse attacks, while evading basic network monitoring tools. One notable campaign, “Operation Brainleeches,” involved phishing schemes based on packages hosted on the npm platform, complete with tools for email phishing campaigns.

The rise in supply chain attacks underscores the need for continuous auditing of technologies, scanning code for security flaws during development, and developing new software supply chain guidance. As malicious actors continue to evolve their tactics, these types of attacks are expected to remain a significant threat in 2024.

Sources include: Axios


Related articles

84% of PC users unwilling to pay extra for AI features?

A recent poll conducted by the site TechPowerUp has revealed a significant trend among PC users: a strong...

Microsoft lays off DEI team

Microsoft has laid off its internal team dedicated to diversity, equity, and inclusion (DEI), a move that has...

Australian Craig Wright finally forced to concede he did not invent Bitcoin

Australian Craig Wright has finally conceded that he is not the mysterious inventor of Bitcoin, Satoshi Nakamoto, following...

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways