The barrier to software supply chain attacks was lowered in 2023, and it is likely to continue to come down in 2024. Less sophisticated cyber actors are in search of unobstructed pathways into sensitive IT environments to steal sensitive data, deploy ransomware and other malware, or cause disruptions. The abuse of weak links in software supply chains supported both targeted- and indiscriminate campaigns in the last year. That is according to an analysis of software supply chain threats to proprietary, commercial, and open source code by ReversingLabs.
The proliferation of supply chain attacks in 2023 comes amid steady growth in the number of malicious packages detected on popular, open-source platforms such as npm and the PyPI. ReversingLabs saw a 28% increase in malicious packages spread across those two open-source repositories through the first nine months of 2023 compared with all of 2022. That growth is the latest evidence for a multiyear explosion in software based threats facing development organizations.