January 16, 2024 Recent research highlights a concerning trend in cybersecurity: the increasing use of open-source code and legitimate hacking tools in software supply chain attacks. These attacks, once rare and complex, have become more popular among various malicious actors, from nation-state groups to lower-level cybercriminals.

In 2023, there was a notable rise in the sharing of open-source tools and resources among attackers, making it easier to execute these sophisticated attacks. This collaboration has effectively lowered the barrier to entry for software supply chain attacks, as reported by cybersecurity company ReversingLabs. The company found a 28% increase in malicious packages across major open-source repositories in the first nine months of 2023 compared to the same period in 2022.

These malicious packages often contain code that helps hackers create backdoors, spread malware, and facilitate trojan horse attacks, while evading basic network monitoring tools. One notable campaign, “Operation Brainleeches,” involved phishing schemes based on packages hosted on the npm platform, complete with tools for email phishing campaigns.

The rise in supply chain attacks underscores the need for continuous auditing of technologies, scanning code for security flaws during development, and developing new software supply chain guidance. As malicious actors continue to evolve their tactics, these types of attacks are expected to remain a significant threat in 2024.

Sources include: Axios