As BleepingComputer reported, an American developer added malicious code to a popular open-source package. He
At the same time, the number of crash reports on GitHub (the largest collaborative IT project development service) skyrocketed.
Source: GitHub
What's going on in the developer community and how dangerous is it?
There are popular open-source libraries -open and free software, which is used by many Russian companies. Now these libraries have begun to receive regular updates that contain malware. Some simply contain political slogans that are printed to the console for developers. It is not yet clear whether these are attackers who distribute malware in order to obtain a ransom, or independent activists who want to express a political position in this way.
Source: BleepingComputer. Roskomnadzor notes that the special operation in Ukraine is not an "attack, invasion or war."
A large number of open-sourceRussian business systems. Malicious software can permanently encrypt the entire file system of a developer's servers or workstation. Attackers can gain remote access to developer systems or compromise servers running applications. This can lead not only to large financial and reputational losses, but also to a halt in production, sales, logistics and other business processes.
In modules that distribute malwareprograms now, various programming languages are used: PHP, JS and others, so the Russian community has urgently formed an open database where packages that distribute malware and calls are collected. Of course, this is a weak measure of protection. Library updates are constantly released, and some packages may simply not be in the table.
Source: Tehdir Club
A similar problem appeared long before the sanctions,but this was done only by malefactors in order to obtain a ransom. Now the situation has acquired a political character and has become much larger. Some packages with malware do not apply to everyone, but only to those whose geographic IP address matches Russia, and the system language is Russian.
What can developers do to protect their systems?
The main recommendation for everyone now isrecord the current versions of libraries; when updating packages and using new ones, it is necessary to conduct a manual review and examine the commits (code changes) affecting the updates. In the event that the end user receives infected, malware, he has two possible protection vectors:
- At the network levelprotection involves checking downloadeduser from external sources of files and applications, blocking downloads if a threat is detected. If the user does install and launch malware, the protection should block its operation and distribution throughout the internal network.
- At the end device levelantiviruses and advanced anomaly-monitoring systems should ensure that potentially malicious software is identified and blocked.
The second line of defense is backupdata in case of destruction or encryption. The company must have a regulated process that determines what software should be installed by users, and a backup system.
The backup server must be provided with a separatea protective loop so that when the network is infected, malware cannot get to the backup copy from it. You can significantly increase security in a two-loop redundancy scheme, in which the backup, in turn, is configured for regular backups to a server that is physically isolated from the main network.
The human factor is no less important.Security professionals must ensure that instructions are followed by users and employees. During the onboarding process, a new employee must be familiarized with all the policies and regulations of the company and required to comply with them.
What's the bottom line?
In fact, similar precedents with the spherecybersecurity issues are not uncommon, it’s just that these phenomena were not so widespread before. Attacks on software vendors and vendors of various systems are called Supply chain attacks - attacks on the supply chain and have been one of the most important security problems for the past few years.
Hackers prefer not to complicate, but to findthe most vulnerable target. There is no need to "frontal assault" open the protection of the bank's servers and "fight" with its security systems, if you can attack, for example, a library that is used in an online banking application and introduce a vulnerability into it that will open access to the infrastructure. Since the company cannot control the suppliers, there is no 100% way to protect against such threats.

It is possible that mass failures in the operation of systems will teach the Russian IT community to take security problems of their infrastructure more seriously and more closely.
You can still reduce the chance of an attack.The main goal of defense should be to stop the attack at an early stage before the attacker can gain a foothold inside the infrastructure and cause damage. It is worth paying attention to the process of responding to incidents. Develop and communicate to all employees a document that tells how to respond to emergency situations. For example, who to report if you find unfamiliar files on your work computer, if the system behaves strangely, or if you receive a link to an external source. The latter can be sent, for example, from a colleague whose account was hacked by attackers.
Read more
"James Webb" took the clearest photo of a star in history
Developments of Moscow radiologists on AI became the basis of federal standards
Quantum charging will allow record-breaking fast charging of electric vehicles