Cybercriminals are exploiting the fact that a growing number of companies rely on open source package repositories to build their software, new research shows.
Over the past three years, the number of hijacked packages, typosquatting attacks and similar attacks on these platforms has risen sharply, according to a new report by Sonatype, a software supply chain management vendor.
Using its repository firewall, the company identified more than 55,000 newly published malicious packages in the last year alone, and almost 95,000 over the last three years. That works out to an average 700% jump over 36 months.
Automation of analysis
“Almost every modern company relies on open source. Apparently, using open source repositories as an entry point for malicious attacks shows no signs of slowing down, making early detection of both known and unknown vulnerabilities more important than ever,” said Brian Fox, co-founder and chief technology officer of Sonatype.
“Stopping malicious components before they reach the door is a fundamental part of risk prevention and should be part of any conversation about protecting software supply chains.”
By combining behavioral analysis with automated policy enforcement, the company says it continuously detects and blocks malicious packages, as well as other components that may pose a risk. It also uses artificial intelligence to evaluate each newly published open source component and determine whether it poses a threat. Given the surge in open source releases, the company claims, manual analysis is virtually impossible.
Moreover, it does not matter whether the company ends up using a malicious component in its final product. Once the package has been downloaded to its endpoints, it is already too late, the company says.
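To make the "stop it before the download" idea concrete, here is an added example of a minimal pre-download policy gate. It is illustrative code written for this page, not Sonatype's product or a description of how its firewall works. It flags candidate package names that sit within one edit of a known dependency (the typosquatting pattern mentioned above, including swapped letters such as "reqeusts"), quarantines packages published within a seasoning window, and flags packages that run code at install time. The known-package list, the candidate packages, their release dates and the 14-day threshold are all constructed assumptions.

```python
"""Illustrative pre-download dependency policy gate (added example, not Sonatype's code)."""
import re
from datetime import date, timedelta

# Constructed allow-list of well-known packages a hypothetical organization depends on.
KNOWN_PACKAGES = {"requests", "urllib3", "numpy", "pandas", "cryptography", "flask"}


def normalize(name):
    """Fold case and separators the way PyPI does (PEP 503) so lookalike
    spellings such as 'Requests' or 'url_lib3' are compared in canonical form."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, plus an
    adjacent transposition, which catches swapped letters ('reqeusts')."""
    m, n = len(a), len(b)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i
    for j in range(n + 1):
        d[0][j] = j
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[m][n]


def typosquat_target(name, known=KNOWN_PACKAGES, max_distance=1):
    """Return the known package this name closely resembles, or None.
    An exact (normalized) match is the real package, not a typosquat."""
    canon = normalize(name)
    if canon in known:
        return None
    best = None
    for k in sorted(known):  # sorted for deterministic tie-breaking
        dist = osa_distance(canon, k)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (k, dist)
    return best[0] if best else None


def evaluate(pkg, today, known=KNOWN_PACKAGES, min_age_days=14):
    """Policy decision for one candidate download.
    pkg: {"name", "version", "released": date, "install_script": bool}
    Returns (decision, reasons); decision is "allow", "quarantine" or "block".
    """
    reasons = []
    target = typosquat_target(pkg["name"], known)
    if target:
        reasons.append(f"name resembles known package '{target}' (possible typosquat)")
    age = (today - pkg["released"]).days
    if age < min_age_days:
        reasons.append(f"published {age} days ago, inside the {min_age_days}-day seasoning window")
    if pkg.get("install_script"):
        reasons.append("runs code at install time (setup.py / postinstall hook)")
    if target:
        decision = "block"          # lookalike names are never let through
    elif reasons:
        decision = "quarantine"     # hold for review rather than reject outright
    else:
        decision = "allow"
    return decision, reasons


TODAY = date(2023, 1, 15)  # fixed date so the example is reproducible
CANDIDATES = [  # constructed metadata, not real registry data
    {"name": "requests", "version": "2.28.1", "released": TODAY - timedelta(days=200), "install_script": False},
    {"name": "reqeusts", "version": "2.28.1", "released": TODAY - timedelta(days=2), "install_script": True},
    {"name": "python-dateutil", "version": "2.8.2", "released": TODAY - timedelta(days=900), "install_script": False},
    {"name": "fast-json-helper", "version": "0.1.0", "released": TODAY - timedelta(days=3), "install_script": False},
]


def gate_all(candidates, today=TODAY):
    """Map each candidate name to its policy decision."""
    return {c["name"]: evaluate(c, today)[0] for c in candidates}


if __name__ == "__main__":
    for c in CANDIDATES:
        decision, reasons = evaluate(c, TODAY)
        print(f"{c['name']:18} {decision:10} {'; '.join(reasons)}")
```

The point of the three-way outcome is operational: a lookalike name is blocked outright, while a genuinely new package or one with an install hook is held for a human rather than silently rejected, so developers are not cut off from legitimate new releases. In practice the known-package list would come from the organization's own lockfiles, and the age and install-script metadata from the registry's API.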
“The volume, frequency, severity and sophistication of malicious cyber attacks are constantly increasing. Organizations cannot – and should not – avoid the use of open source just to protect themselves,” added Fox. “But they can use preventative tools like Sonatype Firewall to keep developers up to date and keep their software supply chains safe.”