Attacks on open source repositories are becoming more frequent.
Cybercriminals are profiting from the fact that more businesses build their software on open source code repositories. According to recent research from software supply chain management provider Sonatype, malicious packages, typosquatting attacks and similar abuses of such platforms have increased dramatically over the past three years.
Using its Repository Firewall, the company discovered around 95,000 malicious packages over the last three years, including more than 55,000 that had only recently been published. That represents an average increase of 700% over 36 months.
The company says it continuously detects and blocks malicious packages, as well as potentially vulnerable components, by combining behavioural analysis with automated policy enforcement. It also uses AI to assess each newly published open source package for security risks, and it argues that the sheer growth in open source has made manual analysis nearly impossible.
Furthermore, it makes no difference whether a business ships the malicious component in its finished product. The company's point is that once the package has been downloaded onto an endpoint, it is already too late: many malicious packages run their payload at install time (for example through npm lifecycle scripts or a Python package's setup.py), so a developer workstation or CI runner can be compromised before the application ever imports the code.
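As an added illustration (not Sonatype's code and not part of the original article), the following Python shows two of the cheapest checks a pre-download gate can apply to a package before it reaches a developer endpoint or CI runner: an edit-distance comparison of the package name against a list of well-known names to catch typosquats, and inspection of an npm package.json for lifecycle hooks that execute during `npm install`, which is why a package that has merely been installed may already have done its damage. The allowlists, the sample package.json and the distance threshold are assumptions made for the example.

```python
import json

# Constructed allowlists of well-known package names. Assumption: a real gate would
# load the top-N most-downloaded names for each ecosystem instead of this short list.
KNOWN_NPM = {"lodash", "express", "request", "chalk", "react", "axios"}
KNOWN_PYPI = {"requests", "urllib3", "numpy", "django", "flask", "cryptography"}

# npm lifecycle scripts that npm runs automatically during `npm install`, i.e. code
# that executes on the endpoint before the application ever imports the package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    if a == b:
        return 0
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, known: set, max_distance: int = 2) -> list:
    """Known names that `name` is within `max_distance` edits of, excluding an exact match.

    Assumption: a threshold of 2 is a reasonable starting point; very short names
    need a tighter threshold (or a download-count weighting) to limit false positives.
    """
    name = name.lower()
    if name in known:
        return []
    return sorted(k for k in known if levenshtein(name, k) <= max_distance)


def install_hooks(manifest: dict) -> dict:
    """Lifecycle scripts in a package.json that execute during installation."""
    scripts = manifest.get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def review_npm_package(raw_package_json: str) -> dict:
    """Gate decision for one npm package, made from its package.json alone.

    The package is held for human review if its name looks like a typosquat of a
    well-known package or if it carries install-time hooks. Legitimate packages do
    use postinstall (native builds, for instance), so a hook is a reason to look,
    not proof of malice.
    """
    manifest = json.loads(raw_package_json)
    name = manifest.get("name", "")
    near = typosquat_candidates(name, KNOWN_NPM)
    hooks = install_hooks(manifest)
    return {
        "name": name,
        "typosquat_of": near,
        "install_hooks": hooks,
        "needs_review": bool(near) or bool(hooks),
    }


# Constructed sample: a package whose name is one transposition away from lodash and
# which runs a script the moment it is installed.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "lodahs",
    "version": "4.17.21",
    "scripts": {"postinstall": "node ./setup.js", "test": "jest"},
})

if __name__ == "__main__":
    print(json.dumps(review_npm_package(SAMPLE_PACKAGE_JSON), indent=2))
```

Run against the constructed sample, the gate reports `lodahs` as a likely typosquat of `lodash` and surfaces its `postinstall` hook, so the tarball would be held before `npm install` could execute it. The same shape of check applies to PyPI, where a source distribution's setup.py runs at `pip install` time.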
“The volume, frequency, severity, and sophistication of malicious cyberattacks continue to increase. Organizations can’t, and shouldn’t, avoid the use of open source just to protect themselves,” Fox added. “But they can use preventative tools, such as the Sonatype Firewall, to keep developers on track and software supply chains secure.”