Across major open-source software platforms, from Java to Python and from NPM to RubyGems, the number of components used has grown 75% in two years, exceeding 28 million public projects and repositories. Developers can access about 21,400 new component releases every day, according to Sonatype's 2019 State of the Software Supply Chain report. Nearly a score of attacks on the software supply chain have been documented in the past three years, targeting developers and open-source software components and aiming to infect their software and use their access to target a small selection of users.

Dealing with these threats requires that developers put renewed focus on ensuring the integrity of both their internal code and any third-party code they incorporate into their programs, software security experts agree.

While knowing the details of such an incident is rare, software-supply-chain attacks are becoming increasingly common, said Michal Salat, director of threat intelligence for Avast, which bought Piriform in 2017, just before the company discovered the breach. In the end, the group behind the attack (thought to be Chinese, because ShadowPad is commonly used by a Chinese state-sponsored group) used Piriform's developers to infect the company's customers. The program helped attackers whittle down their collection of targets to just 40 systems, which then downloaded the ShadowPad Trojan. Subsequent updates to CCleaner inadvertently added the Trojaned software to nearly 2.3 million customer systems. Using the malicious program, attackers silently invaded parts of Piriform's build system for creating its utility application, CCleaner, adding code that would send back information about the software users' systems. On April 12, 2017, four computers at utility-software firm Piriform, previously compromised, quietly reached out to the Internet and downloaded and installed a remote-access Trojan known as ShadowPad.