
Hackers hijack 22,000 software packages in massive Q3 supply chain attack: Report

The large-scale attack, dubbed “Revival Hijack,” exploited policies around removed packages to secretly inject malicious code into software updates


Cybercriminals are launching supply chain attacks every two days in 2024, with one operation alone compromising 22,000 PyPI software packages used by developers worldwide, according to new research from Positive Technologies.

The large-scale attack, dubbed “Revival Hijack,” exploited policies around removed packages to secretly inject malicious code into software updates, catching users unaware as they routinely updated their systems, the cybersecurity firm’s Q3 2024 threat analysis revealed.

Overall attacks against organisations and individuals jumped 15 per cent year-on-year, with criminals increasingly targeting IT specialists through sophisticated schemes including fake job interviews and malicious advertisements. Remote access trojans and ransomware were the primary weapons, each used in 44 per cent of attacks against organisations.

“By using IT specialists as a point of entry, cybercriminals can infiltrate software supply chains and cause irreparable damage to numerous organisations,” said Valeriya Besedina, junior information security analyst at Positive Technologies.

The success rate of these attacks proved alarming, with 79 per cent resulting in compromised computers, servers, and network equipment. More than half of successful breaches exposed confidential data, while 32 per cent disrupted core business operations.

Attackers deployed popular trojans including AsyncRAT, XWorm, and SparkRAT, often spreading them through phishing emails disguised as invoices targeting manufacturing companies, banks, healthcare providers, and software developers.

The report highlighted how cybercriminals are becoming more sophisticated in their distribution methods, promoting malicious websites to the top of search results to spread various forms of spyware including DeerStealer, Atomic Stealer, and Poseidon Stealer.

Social engineering remained a critical threat, featuring in 92 per cent of attacks on individuals and half of all organisational breaches. Email was the primary attack vector against organisations, used in 88 per cent of cases, while websites were used in 73 per cent of attacks on individuals.

The findings underscore the growing sophistication of supply chain attacks and their potential to cause widespread damage through compromised software distributions.
