Open-source code fuels rise in supply chain cyberattacks

Share post:

Recent research highlights a concerning trend in cybersecurity: the increasing use of open-source code and legitimate hacking tools in software supply chain attacks. These attacks, once rare and complex, have become more popular among various malicious actors, from nation-state groups to lower-level cybercriminals.

In 2023, there was a notable rise in the sharing of open-source tools and resources among attackers, making it easier to execute these sophisticated attacks. This collaboration has effectively lowered the barrier to entry for software supply chain attacks, as reported by cybersecurity company ReversingLabs. The company found a 28% increase in malicious packages across major open-source repositories in the first nine months of 2023 compared to the same period in 2022.

These malicious packages often contain code that helps hackers create backdoors, spread malware, and facilitate trojan horse attacks, while evading basic network monitoring tools. One notable campaign, “Operation Brainleeches,” involved phishing schemes based on packages hosted on the npm platform, complete with tools for email phishing campaigns.

The rise in supply chain attacks underscores the need for continuous auditing of technologies, scanning code for security flaws during development, and developing new software supply chain guidance. As malicious actors continue to evolve their tactics, these types of attacks are expected to remain a significant threat in 2024.

Sources include: Axios

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways