This morning, The Verge reported an unusual attack on CCleaner, the flagship application of Avast-owned Piriform. CCleaner’s primary function is to perform routine maintenance and cleanup on PCs, in addition to offering other privacy protections. According to security researchers at Cisco Talos, hackers injected malware into the app’s software update, which was then downloaded by 2.27 million users. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” said researchers.

Dubbed “crap cleaner,” Avast’s CCleaner application has been downloaded more than 2 billion times worldwide and boasts a growth rate of 5 million desktop installs per week, making it a prime target for cybercriminals. Here’s an excerpt from The Verge’s story highlighting why this particular security breach is remarkable: “This is an unusual attack as software similar to CCleaner is trusted by consumers and meant to remove “crapware” from a system. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates.”

This attack is not the first of its kind, and is a trend that security researchers and threat analysts will definitely be monitoring more closely moving forward. As The Verge cited in their article, cybercriminals successfully breached the Ukrainian company MeDoc earlier this year, then utilized similar distribution tactics to spread the infamous Petya ransomware.

Read more about the CCleaner security breach on The Verge, or read Cisco Talos’s blog post for more technical details. Read more about how to defend against JavaScript malware or about malware obfuscation on Secplicity.

A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the increasing use of open source during software development, which is facilitated by dependency managers that automatically resolve, download and install hundreds of open source packages throughout the software life cycle. Even though many approaches for detection and discovery of vulnerable packages exist, no prior work has focused on malicious packages. This paper presents a dataset as well as an analysis of 174 malicious software packages that were used in real-world attacks on open source software supply chains and which were distributed via the popular package repositories npm, PyPI, and RubyGems. Those packages, dating from November 2015 to November 2019, were manually collected and analyzed. This work is meant to facilitate the future development of preventive and detective safeguards by open source and research communities.

In general, software supply chain attacks aim to inject malicious code into a software product. Frequently, attackers tamper with the end product of a given vendor such that it carries a valid digital signature, as it is signed by the respective vendor, and may be obtained by end-users through trusted distribution channels, e.g. download or update sites. A prominent example of such supply chain attacks is NotPetya, a ransomware concealed in a malicious update of a popular Ukrainian accounting software. In 2017, NotPetya targeted Ukrainian companies but also hit global corporations, causing damage worth billions of dollars, and is said to be one of the most devastating cyberattacks known today.