Open-source code fuels rise in supply chain cyberattacks

Share post:

Recent research highlights a concerning trend in cybersecurity: the increasing use of open-source code and legitimate hacking tools in software supply chain attacks. These attacks, once rare and complex, have become more popular among various malicious actors, from nation-state groups to lower-level cybercriminals.

In 2023, there was a notable rise in the sharing of open-source tools and resources among attackers, making it easier to execute these sophisticated attacks. This collaboration has effectively lowered the barrier to entry for software supply chain attacks, as reported by cybersecurity company ReversingLabs. The company found a 28% increase in malicious packages across major open-source repositories in the first nine months of 2023 compared to the same period in 2022.

These malicious packages often contain code that helps hackers create backdoors, spread malware, and facilitate trojan horse attacks, while evading basic network monitoring tools. One notable campaign, “Operation Brainleeches,” involved phishing schemes based on packages hosted on the npm platform, complete with tools for email phishing campaigns.

The rise in supply chain attacks underscores the need for continuous auditing of technologies, scanning code for security flaws during development, and developing new software supply chain guidance. As malicious actors continue to evolve their tactics, these types of attacks are expected to remain a significant threat in 2024.

Sources include: Axios

SUBSCRIBE NOW

Related articles

Rogers CEO Faces Grilling Over Mid-Contract Price Hikes, Customer Complaints

Rogers Communications CEO Tony Staffieri testified before a Parliamentary committee Monday, facing tough questions about mid-contract price increases...

AWS Launches Physical Locations for High-Speed Cloud Data Uploads

Amazon Web Services (AWS) unveiled a novel service at its re:Invent 2024 conference: Data Transfer Terminal, a network...

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

OpenAI’s Text-to-Video Generator Leaked by Disgruntled Artists

A group of 16 artists has leaked OpenAI's unreleased text-to-video generator, Sora, accusing the $157 billion AI company...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways