Introduction
Researchers have discovered what they believe are the first open-source software supply chain attacks targeted at the banking industry. The attacks, which were carried out by two different threat actors, involved the use of malicious code that was embedded in popular npm packages.
What are Open-Source Software Supply Chain Attacks?
Open-source software supply chain attacks are a type of cyberattack in which malicious code is introduced into open-source software that is then used by other developers. This can happen in a number of ways, such as through the uploading of malicious code to an open-source repository, or through the exploitation of vulnerabilities in open-source software.
How Did the Attacks Work?
In the first attack, the threat actor uploaded a malicious npm package whose name imitated a legitimate package used by the target bank. Once the victim bank installed the package, the package downloaded and installed a second-stage payload that gave the attacker control of the victim's computer.
In the second attack, the threat actor uploaded a malicious npm package designed to intercept login credentials for the target bank's website. When a victim visited the website and logged in, the malicious code stole their credentials and sent them to the attacker.
What Are the Implications of These Attacks?
These attacks highlight the growing threat of open-source software supply chain attacks. As more and more businesses rely on open-source software, it is becoming increasingly important for them to take steps to protect themselves from these types of attacks.
How Can Businesses Protect themselves from Open-Source Software Supply Chain Attacks?
There are a number of steps that businesses can take to protect themselves from open-source software supply chain attacks. These include:
- Only using trusted npm packages. Businesses should only use npm packages that have been vetted by a trusted third party.
- Keeping their software up to date. Businesses should keep their software up to date with the latest security patches.
- Using a software composition analysis (SCA) tool. SCA tools help businesses identify and track the open-source components they are using, so that a suspicious or unexpected package can be spotted before it reaches production.
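As an added example that is not part of the original article, the script below shows one concrete way to apply the "trusted packages" and "track what you use" advice to the first attack described above, where a malicious package imitated a legitimate one. It reads an npm lockfile (package-lock.json, lockfileVersion 3 layout, which records a resolved tarball URL and a hasInstallScript flag per package) and flags packages that are not on an organisation's allowlist, that are within a couple of edits of an allowlisted name (a lookalike), that run install-time lifecycle scripts, or that resolve to a registry host other than the trusted ones. The allowlist, trusted registry hosts, package names and lockfile contents are all constructed sample data, not from any real project.

```javascript
// Added example, not code from the article: audit an npm lockfile for the
// supply-chain risk signals discussed above. All data below is constructed.

// Packages the organisation has vetted (constructed allowlist).
const ALLOWLIST = ["express", "lodash", "@bank/auth-client"];
// Hosts from which tarballs may be downloaded (constructed list).
const TRUSTED_REGISTRIES = ["registry.npmjs.org", "npm.internal.example"];

// A constructed package-lock.json in the lockfileVersion 3 layout, containing
// one lookalike package with an install script and one package fetched from
// an unexpected host.
const SAMPLE_LOCKFILE = {
  name: "bank-portal",
  lockfileVersion: 3,
  packages: {
    "": { name: "bank-portal", dependencies: { express: "^4.18.0", expres: "^1.0.0" } },
    "node_modules/express": {
      version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
    "node_modules/@bank/auth-client": {
      version: "2.3.0",
      resolved: "https://npm.internal.example/@bank/auth-client/-/auth-client-2.3.0.tgz",
    },
    // Lookalike of "express" that also runs a lifecycle script at install time.
    "node_modules/expres": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/expres/-/expres-1.0.0.tgz",
      hasInstallScript: true,
    },
    // Tarball pulled from a host that is not one of the trusted registries.
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://mirror.example.net/left-pad-1.3.0.tgz",
    },
  },
};

// Levenshtein edit distance, used to spot names one or two typos away from a
// trusted package name.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of the previous row at column 0
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// The package name is everything after the final "node_modules/" segment,
// which keeps the scope for "@scope/name" packages and handles nesting.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Hostname of a resolved tarball URL, or null when it cannot be parsed.
function registryHost(resolved) {
  try {
    return new URL(resolved).hostname;
  } catch {
    return null;
  }
}

// Walk every installed package and return a list of findings; an empty list
// means nothing in the lockfile tripped any of the four checks.
function auditLockfile(lockfile, allowlist = ALLOWLIST,
                       trustedRegistries = TRUSTED_REGISTRIES, maxDistance = 2) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lockfile.packages || {})) {
    if (lockPath === "") continue; // the root project entry
    const name = packageNameFromPath(lockPath);
    const reasons = [];
    if (!allowlist.includes(name)) {
      reasons.push("not-allowlisted");
      const near = allowlist.find((trusted) => levenshtein(name, trusted) <= maxDistance);
      if (near) reasons.push(`lookalike-of:${near}`);
    }
    if (meta.hasInstallScript) reasons.push("install-script");
    const host = registryHost(meta.resolved || "");
    if (host && !trustedRegistries.includes(host)) reasons.push(`untrusted-registry:${host}`);
    if (reasons.length) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCKFILE)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join(", ")}`);
}
```

In a real pipeline the lockfile would be read from disk (`JSON.parse(fs.readFileSync("package-lock.json"))`) and the allowlist maintained by the team that vets packages; the "install-script" signal is worth treating as high priority, since a package that runs code at install time can act before the application is ever started. None of these checks replaces an SCA tool, but together they catch the lookalike-name pattern from the first attack on the cheapest possible data, the lockfile already in the repository.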
Conclusion
The attacks on the banking sector highlight the growing threat of open-source software supply chain attacks. Businesses need to take steps to protect themselves from these types of attacks by using trusted npm packages, keeping their software up to date, and using an SCA tool.