"Surge in Cyber Attacks Targeting Open Source Software Projects"
Researchers at Sonatype have found that there has been a massive 430 percent surge in next generation cyberattacks aimed at actively infiltrating open source software supply chains. There were 929 next generation software supply chain attacks recorded between July 2019 and May 2020. Between February 2015 and June 2019, only 216 such attacks were recorded.

Next generation attacks like Octopus Scanner and electron-native-notify are strategic: adversaries intentionally target and surreptitiously compromise "upstream" open source projects so they can subsequently exploit the planted vulnerabilities when those projects inevitably flow "downstream" into the wild. Legacy software supply chain attacks are tactical: adversaries wait for new zero day vulnerabilities to be publicly disclosed and then race to take advantage of them in the wild before others can remediate.
Help Net Security reports: "Surge in Cyber Attacks Targeting Open Source Software Projects"