"Report Finds Software Supply Chain Attacks Show No Sign of Slowing Down"

According to a new report from ReversingLabs, software supply chain attacks show no sign of slowing or decreasing nearly two years after the SolarWinds hack. The report highlights that attacks leveraging malicious open-source modules have continued to increase in the commercial sector. Since 2020 there has been an exponential increase in supply chain attacks, followed by a slower but steady rise in 2022. The popular open-source package registry NPM (Node Package Manager) is a favorite among attackers. From January to October 2022, 7,000 malicious package uploads to NPM were detected, nearly a 100-fold increase over the 75 malicious packages discovered in 2020 and a 40 percent increase over the number discovered in 2021. One attack detailed by ReversingLabs in August involved over two dozen NPM packages containing obfuscated JavaScript, designed to steal data from users of the applications or websites into which the packages had been installed. The Python Package Index (PyPI) was also found to be flooded with tainted open-source modules designed to mine cryptocurrency, plant malware, and more. The attacks matched what researchers saw in 2021, when attackers often relied on dependency confusion (publishing a public package under the name of a private, internal one so that the package manager resolves the public copy instead) and typosquatting (publishing under a name that is a near-misspelling of a popular package). Secrets exposed through open-source repositories maintained internally or by third-party contractors affected high-profile organizations such as Samsung and Toyota Motor. This article continues to discuss key findings from ReversingLabs' new report on supply chain attacks.
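As an added example, not code from the article or from the ReversingLabs report, the Node.js script below runs two post-install checks over an npm package-lock.json for the tactics named above: a typosquat heuristic (a dependency whose name is within one edit, including an adjacent-character transposition, of a well-known package but is not that package) and a dependency-confusion check (a package in a scope that should only come from an internal registry, but whose lockfile `resolved` URL points at the public registry). The lockfile, the package names, the `@acme` scope and the host `npm.internal.acme.example` are all constructed for illustration; no claim is made about any real package.

```javascript
// Added example: audit an npm package-lock.json (lockfileVersion 2/3 "packages" map)
// for typosquats and dependency confusion. Not code from the article or from
// ReversingLabs. Every name, scope, host and lockfile entry below is constructed
// for illustration; no claim is made about any real package.

// Optimal-string-alignment (restricted Damerau-Levenshtein) distance. A swap of
// two adjacent characters counts as one edit, which is what many typosquats are
// ("lodash" -> "loadsh" is distance 1 here, 2 under plain Levenshtein).
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Package name from a lockfile key: "node_modules/a/node_modules/b" -> "b".
function nameFromKey(key) {
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

// policy = { popular, internalScopes, internalRegistryHosts, maxDistance }
function auditLockfile(lock, policy) {
  const findings = { typosquats: [], dependencyConfusion: [] };
  const popular = new Set(policy.popular);
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // "" is the root project itself
    const name = nameFromKey(key);

    // Typosquat heuristic: close to a well-known name, but not that name.
    if (!popular.has(name)) {
      for (const p of policy.popular) {
        if (osaDistance(name, p) <= policy.maxDistance) {
          findings.typosquats.push({ name, lookalike: p });
          break;
        }
      }
    }

    // Dependency-confusion check: a package in an internal scope must have been
    // fetched from an internal registry. If it resolved from the public registry,
    // a same-named public package exists and npm picked it over the private one.
    const scope = name.startsWith("@") ? name.split("/")[0] : null;
    if (scope && policy.internalScopes.includes(scope) && entry.resolved) {
      const host = new URL(entry.resolved).host;
      if (!policy.internalRegistryHosts.includes(host)) {
        findings.dependencyConfusion.push({ name, resolved: entry.resolved });
      }
    }
  }
  return findings;
}

// Constructed sample lockfile (hypothetical project; "loadsh" and "@acme/*" are
// made-up names). The 9.9.9 version on the confused package is the classic
// signature: the attacker publishes a higher version so it wins resolution.
const SAMPLE_LOCK = {
  name: "acme-web",
  lockfileVersion: 3,
  packages: {
    "": { name: "acme-web" },
    "node_modules/lodash": { version: "4.17.21", resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" },
    "node_modules/loadsh": { version: "0.0.4", resolved: "https://registry.npmjs.org/loadsh/-/loadsh-0.0.4.tgz" },
    "node_modules/express": { version: "4.18.2", resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz" },
    "node_modules/@acme/ui-kit": { version: "1.2.0", resolved: "https://npm.internal.acme.example/@acme/ui-kit/-/ui-kit-1.2.0.tgz" },
    "node_modules/@acme/auth-client": { version: "9.9.9", resolved: "https://registry.npmjs.org/@acme/auth-client/-/auth-client-9.9.9.tgz" },
  },
};

const SAMPLE_POLICY = {
  popular: ["lodash", "express", "react", "axios"],   // assumed allow-list of well-known names
  internalScopes: ["@acme"],                            // hypothetical private scope
  internalRegistryHosts: ["npm.internal.acme.example"], // hypothetical private registry
  maxDistance: 1,
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, SAMPLE_POLICY), null, 2));
```

The audit is the after-the-fact check; the ahead-of-time control for dependency confusion is an `.npmrc` line that pins the private scope to the private registry (for the hypothetical scope above, `@acme:registry=https://npm.internal.acme.example/`), so npm never consults the public registry for those names. The typosquat heuristic is deliberately narrow (one edit against a short allow-list) to keep false positives down; widen `maxDistance` or the list only with a human in the loop.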

SiliconANGLE reports "Report Finds Software Supply Chain Attacks Show No Sign of Slowing Down"
