www.infosecurity-magazine.com
143.204.215.100
Public Scan
URL:
https://www.infosecurity-magazine.com/news/supply-chain-attacks-surge-650/
Submission: On October 12 via api from DE — Scanned from DE
Text Content
Software Supply Chain Attacks Surge 650% in a Year

15 Sep 2021, News

Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine

The insatiable global demand for open source code packages has led to a triple-digit year-on-year surge in upstream software supply chain attacks, according to
Sonatype.

The supply chain management specialist compiled its 2021 State of the Software Supply Chain report from publicly available and proprietary data. It claimed that global developers would borrow over 2.2 trillion open-source packages or components from third-party ecosystems to accelerate time-to-market. This includes Java downloaded from the Maven Central Repository, Python packages downloaded from PyPI, JavaScript from npmjs and .NET NuGet packages.

These shared code packages often contain publicly disclosed vulnerabilities that threat actors can exploit. However, cyber-criminals are increasingly getting more proactive, Sonatype warned.

“Next-generation software supply chain attacks are far more sinister, because bad actors are no longer waiting for public vulnerability disclosures to pursue an exploit. Instead, they are taking the initiative and injecting new vulnerabilities into open source projects that feed the global supply chain, and then exploiting those vulnerabilities before they are discovered,” the report noted.

“By shifting their attacks ‘upstream,’ bad actors can gain leverage and the crucial benefit of time that enables malware to propagate throughout the supply chain, enabling far more scalable attacks on ‘downstream’ users.”

Such attacks have increased by a staggering 650% year-on-year, versus a figure of 430% last year, Sonatype said. There were 216 such attacks detected over four years between February 2015 and June 2019. However, this figure rose to 929 during just a year (July 2019–May 2020). That number surged to 12,000 over the past year.

“We now know that popular projects contain disproportionately more vulnerabilities,” argued Sonatype EVP Matt Howard.
“This stark reality highlights both a critical responsibility, and opportunity, for engineering leaders to embrace intelligent automation so they can standardize on the best open source suppliers and simultaneously help developers keep third-party libraries fresh and up-to-date with optimal versions.”

Major cyber-threat campaigns, including the attacks on SolarWinds and Codecov, highlight the potentially severe repercussions of code supply-chain compromises.