BEST OF THE WEB

Open-source code fuels rise in supply chain cyberattacks

Recent research highlights a concerning trend in cybersecurity: the increasing use of open-source code and legitimate hacking tools in software supply chain attacks. These attacks, once rare and complex, have become more popular among various malicious actors, from nation-state groups to lower-level cybercriminals.

In 2023, there was a notable rise in the sharing of open-source tools and resources among attackers, making it easier to execute these sophisticated attacks. This collaboration has effectively lowered the barrier to entry for software supply chain attacks, as reported by cybersecurity company ReversingLabs. The company found a 28 per cent increase in malicious packages across major open-source repositories in the first nine months of 2023 compared to the same period in 2022.

These malicious packages often contain code that helps hackers create backdoors, spread malware, and facilitate trojan horse attacks, while evading basic network monitoring tools. One notable campaign, “Operation Brainleeches,” involved phishing schemes based on packages hosted on the npm platform, complete with tools for email phishing campaigns.

The rise in supply chain attacks underscores the need for continuous auditing of technologies, scanning code for security flaws during development, and developing new software supply chain guidance. As malicious actors continue to evolve their tactics, these types of attacks are expected to remain a significant threat in 2024.

Sources include: Axios

Jim Love
Jim Love
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web