The Proliferation Of Open Source Malware

Sonatype, the end-to-end software supply chain security platform, has published its 10th annual Open Source Malware Threat Report for 2024, reporting that the number of malicious packages it has identified has passed 778,500 since the company began tracking them in 2019.

Open source malware continues to proliferate. Sonatype's 2024 analysis examines how threat actors use malicious open source packages to target developers, at a time when enterprises increasingly rely on open source components to build custom AI models.

This year, Sonatype researchers have uncovered several major campaigns, notably the PyPI crypto stealer, a new attack delivering Lumma malware, and the solana-py typosquat.

Analysing open source malware data and trends in 2024, Sonatype researchers found: 

  • The JavaScript ecosystem's package registry, npm, now accounts for 98.5% of malicious packages observed. The ecosystem's 70% growth in download requests, driven largely by AI and spam, combined with minimal verification of newly published packages, makes it a popular target for threat actors.
  • PUAs (Potentially Unwanted Applications) make up the bulk of open source malware activity (64.75%). These can contain spyware, adware or tracking components that compromise the security and privacy of end users. Other prevalent categories are security holding packages (24.2%), placeholders published to reserve a package name before an attacker can claim it, and data exfiltration (7.86%).
  • Government organisations are defending against the lion's share of open source malware attacks. Sonatype helped customers block more than 450,000 malware attacks in 2024: 67.31% at government organisations, 24% at financial services companies and 2.15% in the energy, oil & gas sector.
  • Shadow downloads increased 32.8% over the past year. Open source malware is increasingly downloaded directly to developer machines through "shadow downloads": installs that pull straight from a public registry and so bypass the organisation's repository policies and security checkpoints.
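As an added illustration of the last two findings above (example code written for this page, not Sonatype's tooling), the Python script below audits an npm lockfile for two of the problems described: packages whose resolved URL points anywhere other than the organisation's approved proxy registry (a shadow download that bypassed repository policy), and package names that look like typosquats of well-known packages, either one keystroke away or a known name with a suffix bolted on, the pattern the solana-py typosquat follows. The proxy host npm.internal.example.com, the allowlist of known names and the lockfile itself are constructed for the example; npm is used because it accounts for almost all of the malicious packages in the report, but the same checks apply to a PyPI requirements file.

```python
"""Audit an npm lockfile for shadow downloads and lookalike package names.

Added example for this page, not Sonatype's code.  The proxy host, the
allowlist and the lockfile below are all constructed for illustration.
"""
import json
from urllib.parse import urlparse

# Host(s) of the organisation's approved proxy registry (assumed, not real).
APPROVED_REGISTRY_HOSTS = {"npm.internal.example.com"}

# Well-known names a typosquat would imitate (constructed, deliberately short).
KNOWN_PACKAGES = {"express", "lodash", "react", "axios", "chalk", "solana"}

# Constructed lockfile (npm lockfileVersion 3 layout): one clean package,
# one pulled straight from the public registry under a transposed name,
# and one "known name plus suffix" package with no integrity hash.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/express": {
            "version": "4.19.2",
            "resolved": "https://npm.internal.example.com/express/-/express-4.19.2.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/lodahs": {
            "version": "1.0.3",
            "resolved": "https://registry.npmjs.org/lodahs/-/lodahs-1.0.3.tgz",
            "integrity": "sha512-BBBB",
        },
        "node_modules/chalk-utils": {
            "version": "2.0.0",
            "resolved": "https://npm.internal.example.com/chalk-utils/-/chalk-utils-2.0.0.tgz",
        },
    },
})


def package_name(lockfile_key):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (nested deps keep the last segment)."""
    return lockfile_key.rsplit("node_modules/", 1)[-1]


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transpositions, so 'lodahs' is one step from 'lodash' rather than two."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike(name, known=KNOWN_PACKAGES):
    """Return (imitated_name, rule) if `name` resembles a known package, else None.
    Names that are themselves on the allowlist are never flagged."""
    if name in known:
        return None
    for target in sorted(known):
        if osa_distance(name, target) <= 1:
            return (target, "edit-distance")
    for target in sorted(known):
        # solana -> solana-py style: the real name with a separator and suffix.
        if name.startswith(target + "-") or name.startswith(target + "_"):
            return (target, "suffix")
    return None


def audit_lockfile(lockfile_text, approved_hosts=APPROVED_REGISTRY_HOSTS, known=KNOWN_PACKAGES):
    """Return findings keyed by category; each value is a list in lockfile order."""
    data = json.loads(lockfile_text)
    findings = {"shadow": [], "lookalike": [], "no_integrity": []}
    for key, entry in data.get("packages", {}).items():
        if "node_modules/" not in key or entry.get("link"):
            continue  # root project or workspace symlink: nothing was downloaded
        name = package_name(key)
        host = urlparse(entry.get("resolved", "")).hostname or ""
        if host not in approved_hosts:
            # Also catches git/URL dependencies with no registry host: they bypass the proxy too.
            findings["shadow"].append((name, host))
        if "integrity" not in entry:
            findings["no_integrity"].append(name)
        match = lookalike(name, known)
        if match:
            findings["lookalike"].append((name,) + match)
    return findings


if __name__ == "__main__":
    for category, items in audit_lockfile(SAMPLE_LOCKFILE).items():
        print(f"{category}: {items}")
```

Run against a real lockfile this is a CI gate, not a scanner: a package that reached the lockfile without passing through the proxy, or without an integrity hash, is blocked before it is installed on the next machine, which is the "before it enters the pipeline" posture Fox describes below. The suffix rule is a heuristic and will flag legitimate names such as react-dom, so in practice the allowlist should contain every name the organisation has already approved, and the check should be paired with the proxy's own quarantine of newly published packages.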

Commenting on the report, Brian Fox, CTO and Co-Founder at Sonatype, said: "Software developers have become the prime target for the next evolution of software supply chain attacks... Open source malware is uniquely nefarious; it sits between endpoint solutions, which can't detect this method of delivery, and traditional vulnerability analysis."

"Too many enterprises treat open source malware like vulnerabilities in code, waiting to catch bugs during scanning, which is too late. It is imperative for organisations to take a proactive approach, preventing consumption of open source malware before it enters their development pipelines," Fox concluded.

Sonatype also publishes annual analyses of open source consumption data in its State of the Software Supply Chain Report. This year's report found a 156% increase in open source malware over 2023, and Sonatype estimates that 50% of unprotected repositories already have cached open source malware.

For a detailed review of open source malware in 2024 click HERE

Image: @Sonatype



 

