{"id":120354,"date":"2021-03-08T20:25:46","date_gmt":"2021-03-09T04:25:46","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/03\/a-new-type-of-supply-chain-attack-with-serious-consequences-is-flourishing"},"modified":"2021-03-08T20:25:46","modified_gmt":"2021-03-09T04:25:46","slug":"a-new-type-of-supply-chain-attack-with-serious-consequences-is-flourishing","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/03\/a-new-type-of-supply-chain-attack-with-serious-consequences-is-flourishing","title":{"rendered":"A new type of supply-chain attack with serious consequences is flourishing"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/a-new-type-of-supply-chain-attack-with-serious-consequences-is-flourishing.jpg\"><\/a><\/p>\n<p>A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.<\/p>\n<p>The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it\u2019s not clear if they succeeded in executing the malware inside their networks. 
The npm and PyPI open source code repositories, meanwhile, have been flooded with more than 5000 proof-of-concept packages, according to Sonatype, a firm that helps customers secure the applications they develop.<\/p>\n<p>\u201cGiven the daily volume of suspicious npm packages being picked up by Sonatype\u2019s automated malware detection systems, we only expect this trend to increase, with adversaries abusing dependency confusion to conduct even more sinister activities,\u201d Sonatype researcher Ax Sharma <a href=\"https:\/\/blog.sonatype.com\/pypi-and-npm-flooded-with-over-5000-dependency-confusion-copycats\">wrote<\/a> earlier this week.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security 
[\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6,1491],"tags":[],"class_list":["post-120354","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai","category-transportation"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/120354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=120354"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/120354\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=120354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=120354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=120354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}