Software supply chain attacks have become increasingly popular with all kinds of cybercriminals. Although originally a tool of cyberespionage threat actors, they now attract cybercriminals seeking to compromise hundreds of thousands of computers in a single operation, since a compromised package propagates to everyone who installs it. According to security researchers, the software supply chain attack threat tripled between 2020 and 2021. In this type of attack, a threat actor targets software repositories in order to distribute malware hidden inside legitimate software. Cisco Talos researchers analyzed the most frequently used code repositories to assess how difficult it would be for an attacker to take over a developer account and alter the source code to include malicious content.
Developer and maintainer accounts should have proper protections in place against account takeover. Multi-factor authentication should be mandatory for all code repositories; some repositories already enforce it, but typically only for the maintainers of the most widely used projects. The code should not reveal or contain email addresses belonging to developers or maintainers, since those addresses give an attacker a ready-made target list for phishing and credential stuffing. Code signing keys should be deployed so that consumers can verify that a release was produced by its maintainers, and organizations should carefully analyze the software they depend on to avoid being infected by malicious code. Finally, every new software update should be reviewed before deployment.
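The code signing and pre-deployment review recommendations above amount to a concrete check on the consumer side: refuse to install a release unless its manifest verifies under a publisher key you already trust and the artifact bytes match the signed digest. The Go program below is an added example written for this page, not code from Cisco Talos or from any repository platform; the ReleaseManifest layout, the "widget" package and its version strings are assumptions made for illustration, and the artifact is a constructed stand-in for a real tarball. It uses only the Go standard library (crypto/ed25519, crypto/sha256).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ReleaseManifest is what a maintainer publishes alongside a release
// artifact. Its layout is an assumption made for this example, not a
// real ecosystem's format.
type ReleaseManifest struct {
	Name      string
	Version   string
	SHA256    string // hex digest of the artifact bytes
	Signature []byte // Ed25519 signature over signedMessage(...)
}

var (
	ErrWrongRelease   = errors.New("manifest is for a different package or version")
	ErrBadSignature   = errors.New("manifest signature does not verify under the pinned publisher key")
	ErrDigestMismatch = errors.New("artifact digest does not match the signed manifest")
)

// Digest returns the lowercase hex SHA-256 of the artifact.
func Digest(artifact []byte) string {
	sum := sha256.Sum256(artifact)
	return hex.EncodeToString(sum[:])
}

// signedMessage binds name and version into the signed bytes, so a valid
// manifest for one release cannot be replayed for another.
func signedMessage(name, version, digest string) []byte {
	return []byte(name + "\n" + version + "\n" + digest)
}

// GenerateKeyPair creates a publisher key pair. In practice the private key
// lives offline or in an HSM and never on the build host.
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS CSPRNG is unavailable
	}
	return pub, priv
}

// SignRelease runs on the maintainer side.
func SignRelease(priv ed25519.PrivateKey, name, version string, artifact []byte) ReleaseManifest {
	d := Digest(artifact)
	return ReleaseManifest{
		Name: name, Version: version, SHA256: d,
		Signature: ed25519.Sign(priv, signedMessage(name, version, d)),
	}
}

// VerifyRelease runs on the consumer side before an update is deployed.
// pinned is the publisher key the consumer obtained out of band and stored
// in its own configuration; it must not be fetched from the same place as
// the artifact, or an attacker who controls that location can swap both.
func VerifyRelease(pinned ed25519.PublicKey, wantName, wantVersion string, artifact []byte, m ReleaseManifest) error {
	if m.Name != wantName || m.Version != wantVersion {
		return ErrWrongRelease
	}
	if !ed25519.Verify(pinned, signedMessage(m.Name, m.Version, m.SHA256), m.Signature) {
		return ErrBadSignature
	}
	if Digest(artifact) != m.SHA256 {
		return ErrDigestMismatch
	}
	return nil
}

func main() {
	pub, priv := GenerateKeyPair()
	artifact := []byte("constructed stand-in for a release tarball, v1.2.3")
	m := SignRelease(priv, "widget", "1.2.3", artifact)
	fmt.Println("genuine:", VerifyRelease(pub, "widget", "1.2.3", artifact, m))

	// An attacker with write access to the repository modifies the artifact
	// but cannot re-sign the manifest with the publisher's offline key.
	tampered := append([]byte(nil), artifact...)
	tampered[0] ^= 0x01
	fmt.Println("tampered artifact:", VerifyRelease(pub, "widget", "1.2.3", tampered, m))

	// The attacker instead publishes a fresh manifest signed with their own key.
	_, attackerPriv := GenerateKeyPair()
	forged := SignRelease(attackerPriv, "widget", "1.2.3", tampered)
	fmt.Println("forged manifest:", VerifyRelease(pub, "widget", "1.2.3", tampered, forged))

	// A genuine but different signed release offered in place of the requested one.
	fmt.Println("wrong version:", VerifyRelease(pub, "widget", "1.2.4", artifact, m))
}
```

The check only helps if the publisher key is pinned independently of the download location and the private key stays off the hosts an account takeover would reach; a signing key sitting in the same CI credentials as the repository write token gives the attacker both at once. Binding the package name and version into the signed message is what stops a valid old manifest from being served for a newer release, which is why the wrong-version case is rejected even though its signature and digest are both genuine.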