Attacks against open source repositories are becoming more frequent.
According to recent research, cybercriminals are taking advantage of the fact that more and more companies are using open source code repositories to develop their software solutions. According to a recent study by software supply chain management service provider Sonatype, the frequency of infected packages, typosquatting attacks on these platforms, and similar hacks has increased significantly over the past three years.
The organization discovered around 95,000 harmful packages in the past three years, including over 55,000 dangerous packages that had only recently been released, using its Firewall repository. Over those 36 months the number of malicious packages it found grew by an average of 700%.
The company says it continuously finds and blocks harmful packages, as well as potentially vulnerable components, by combining behavioral analysis with automated policy enforcement. Additionally, it uses AI to assess each freshly released open-source package to see if it poses any security risks. According to Fox, quoted below, manual analysis has become almost impossible due to the significant increase in open-source releases.
Moreover, it does not matter whether or not the company includes the malicious component in the finished product. The company claims that once such a component has been downloaded onto its devices, it is already too late.
“The volume, frequency, severity and sophistication of malicious cyberattacks continue to increase. Organizations cannot – and should not – avoid using open source just to protect themselves,” Fox added. “But they can use preventative tools, like the Sonatype firewall, to keep developers on track and secure software supply chains.”