URL: https://www.infosecurity-magazine.com/news/supply-chain-attacks-surge-650/
15 Sep 2021 News


SOFTWARE SUPPLY CHAIN ATTACKS SURGE 650% IN A YEAR

PHIL MUNCASTER UK / EMEA NEWS REPORTER, INFOSECURITY MAGAZINE
The insatiable global demand for open source code packages has led to a
triple-digit year-on-year surge in upstream software supply chain attacks,
according to Sonatype.

The supply chain management specialist compiled its 2021 State of the Software
Supply Chain report from publicly available and proprietary data.



It claimed that global developers would borrow over 2.2 trillion open-source
packages or components from third-party ecosystems to accelerate time-to-market.
This includes Java components downloaded from the Maven Central Repository,
Python packages from PyPI, JavaScript packages from npmjs and .NET packages from
NuGet.

These shared code packages often contain publicly disclosed vulnerabilities that
threat actors can exploit. However, cyber-criminals are increasingly taking a
more proactive approach, Sonatype warned.



“Next-generation software supply chain attacks are far more sinister, because
bad actors are no longer waiting for public vulnerability disclosures to pursue
an exploit. Instead, they are taking the initiative and injecting new
vulnerabilities into open source projects that feed the global supply chain, and
then exploiting those vulnerabilities before they are discovered,” the report
noted.



“By shifting their attacks ‘upstream,’ bad actors can gain leverage and the
crucial benefit of time that enables malware to propagate throughout the
supply chain, enabling far more scalable attacks on ‘downstream’ users.”



Such attacks have increased by a staggering 650% year-on-year, versus a figure
of 430% last year, Sonatype said.



There were 216 such attacks detected over four years between February 2015 and
June 2019. However, this figure rose to 929 during just a year (July 2019–May
2020). That number surged to a staggering 12,000 over the past year.



“We now know that popular projects contain disproportionately more
vulnerabilities,” argued Sonatype EVP, Matt Howard.



“This stark reality highlights both a critical responsibility, and opportunity,
for engineering leaders to embrace intelligent automation so they can
standardize on the best open source suppliers and simultaneously help developers
keep third-party libraries fresh and up-to-date with optimal versions.”



Major cyber-threat campaigns, including the attacks on
SolarWinds and Codecov, highlight the potentially severe repercussions of code
supply-chain compromises.