After a Report Last Month, Dependency Confusion Remains a Significant Vulnerability (blog.sonatype.com)

Last month, I linked to a deviously simple attack vector that swaps internal packages for same-named public ones: a build that resolves dependencies from both a private and a public registry can end up installing the public package instead of the internal one. It has been several weeks since that demonstration, which showed that even big companies like Apple and Microsoft were vulnerable before they made changes. So, how is it going?

Ax Sharma of Sonatype, a company that sells software supply chain security products:

This week, a vigilante actor flooded PyPI and npm repositories with nearly 5,000 dependency confusion packages.

Just a day has elapsed since Sonatype discovered and reported on malicious dependency confusion packages that targeted Amazon, Zillow, Lyft, and Slack, and we are now seeing these packages appear in PyPI and npm claiming to “make everyone pay attention to software supply chain attacks, because the risks are too great.”

To be clear, these are not malicious packages in the sense that they are exfiltrating large amounts of sensitive data or planting shells on these companies’ servers. They are packages used to demonstrate the risks many companies face by not carefully limiting their dependency sources, and to collect bug bounties. Still, Alex Birsan said in his report last month that he often received the maximum bounty available, indicating that many companies consider this a high-risk problem. Sure seems like something that would engender a speedier timeline for prevention.
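As an added example (not code from this post or from Sonatype), the following Python models why a build that merges a private index with a public one is exposed, and what "limiting dependency sources" changes: it audits a list of declared dependencies against a constructed private index and a constructed public index, reporting which internal names a merged resolver would fetch from the public side. All package names, versions and index contents are made-up sample data.

```python
# Added example, not code from the post or from Sonatype. It models how a
# resolver that merges a private index with a public one (pip with
# --extra-index-url, npm without a scoped registry) takes the highest version
# across both sources, so a public upload with the same name and a larger
# version number wins. All package names and versions are constructed data.

# Constructed: internal packages as published on the private index.
PRIVATE_INDEX = {"acme-auth": ["1.2.0", "1.3.0"], "acme-billing": ["0.9.1"],
                 "acme-utils": ["2.0.0"]}
# Constructed: what the public index happens to hold for the same names.
PUBLIC_INDEX = {"acme-auth": ["99.0.0"],   # squatted with an inflated version
                "acme-utils": ["1.0.0"],   # squatted, but still lower than private
                "requests": ["2.31.0"]}    # an ordinary public dependency

def parse_version(version):
    """Simplified numeric version key (real PEP 440 / semver is richer)."""
    return tuple(int(part) for part in version.split("."))

def resolve_merged(name, private, public):
    """Mimic a merged-index resolver: the highest version from any index wins.
    Returns (version, source) or None if the name exists nowhere."""
    candidates = [(parse_version(v), v, "private") for v in private.get(name, [])]
    candidates += [(parse_version(v), v, "public") for v in public.get(name, [])]
    if not candidates:
        return None
    _, version, source = max(candidates)
    return version, source

def resolve_private_only(name, private):
    """Mitigated resolver: internal names are served only from the private index."""
    versions = private.get(name, [])
    return (max(versions, key=parse_version), "private") if versions else None

def audit(requirements, private, public):
    """Classify each internal dependency by what a merged resolver would install:
    'public-wins'  a public package with that name would be installed now,
    'private-wins' the private version still wins but the name is squatted,
    'unclaimed'    the name is free on the public index (reserve it)."""
    findings = {}
    for name in requirements:
        if name not in private:
            continue  # an ordinary public dependency; out of scope here
        if name not in public:
            findings[name] = "unclaimed"
            continue
        _, source = resolve_merged(name, private, public)
        findings[name] = "public-wins" if source == "public" else "private-wins"
    return findings
```

A "private-wins" result is only safe until the next public upload with a higher version number, which is why routing internal names exclusively through the private index (as `resolve_private_only` does) rather than relying on version precedence is the durable fix.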