Supply-chain attack against open source projects could have big impact
One expert recommends professionals put package updates in purgatory to defend against these threats.
Open-source security scanners are the latest targets for supply-chain attack actors.
Aqua Security, the company that maintains Trivy, an open-source vulnerability scanner, was reportedly targeted by a hacker group known as TeamPCP on March 19. The threat actors injected credential-stealing malware into Trivy through GitHub Actions and container images, cloud security company Wiz shared in a post.
Cory Michal, VP of security at SaaS company AppOmni, told IT Brew that, because Trivy is commonly used in software-development pipelines to check for vulnerabilities before pushing to production, attackers can access and steal code at a sensitive point in the development process.
“This [malware] got pushed to thousands of organizations, a lot of open-source projects, things like that,” Michal said. “What happened is, when that code ran in their build pipeline, it stole all those credentials. Now the attacker is going through and leveraging those credentials.”
Randall Degges, VP of AI engineering and developer relations at Snyk, told IT Brew that there’s not a good handle on how many projects are compromised—while Charles Carmakal, chief technology officer of Mandiant Consulting, told reporters that over 1,000 SaaS environments are actively dealing with this threat campaign and potential downstream victims could go into the thousands.
Wait, what just happened? In addition to Trivy, TeamPCP targeted other popular open-source projects on GitHub, including LiteLLM and Telnyx. The compromised scanners and software hosted on the Python Package Index (PyPI) are automated tooling used to conduct vulnerability assessments in code.
Degges said that millions of users download the impacted open-source code.
“You can do the math, there’s a whole lot of compromised people,” Degges said. “These things tend to have compounding effects for the ecosystem…they’re really hard to prevent, they’re very subtle, and they cause absolute havoc for everyone.”
Isaac Evans, CEO and co-founder at Semgrep, a software security organization that provides an open-source security analysis tool, said that when he discovered TeamPCP’s actions on GitHub, he alerted his team “because clearly there’s a pattern here where they’re going after security companies that have open-source scanners.”
“I feel like the security companies are now part of an interconnected web of software where the utility of reusing code written by other people is so high that we see instances for customers where 99% of their application code is third-party code,” Evans said.
What should developers do to protect themselves? Degges said that, while there’s no way to completely prevent these kinds of attacks, developers should wait to download newly updated open-source packages until they are at least a week old. Within that timeframe, he added, security researchers will have found or fixed major issues.
Michal also suggested that developers implement a waiting period if there isn’t a review process before “pulling new [packages] in,” and that they should place packages into a “purgatory”—or a place before the packages are introduced into the ecosystem—where professionals can review them “or just let them sit for a little bit before you authorize them to be used in your environment.”
Michal said that this is to run various security tools on the packages, and make sure there are no backdoors for attackers before approving them.
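The cooling-off rule Degges and Michal describe, as an added example that is not code from IT Brew or from any of the quoted vendors: a small Python gate that holds a pinned dependency in purgatory until its release has been public for at least a week, and names the newest version that already passes. The release metadata is constructed here, shaped like the `releases` object of PyPI's JSON API (`https://pypi.org/pypi/<name>/json`); fetching it is left to the caller, and the package names, versions and dates are made up.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample metadata, shaped like the "releases" object of PyPI's
# JSON API: version -> list of uploaded files, each with "upload_time_iso_8601".
# Package names, versions and dates are invented for this example.
SAMPLE_RELEASES = {
    "example-scanner": {
        "1.4.0": [{"upload_time_iso_8601": "2026-03-01T10:00:00.000000Z"}],
        "1.5.0": [{"upload_time_iso_8601": "2026-03-19T08:30:00.000000Z"}],
    },
    "example-helper": {
        "2.0.1": [{"upload_time_iso_8601": "2026-02-10T12:00:00.000000Z"}],
    },
}

# Constructed "current time" so the example runs the same way offline.
CONSTRUCTED_NOW = datetime(2026, 3, 22, tzinfo=timezone.utc)


def release_time(files):
    """Earliest upload among a version's files: the moment it became installable."""
    return min(datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
               for f in files)


def gate_package(name, version, releases, now=CONSTRUCTED_NOW, min_age_days=7):
    """Apply the cooling-off rule to one pinned dependency.

    Returns (status, fallback). status is "allowed" when the pinned version has
    been public for at least min_age_days, "quarantined" when it is newer than
    that, or "unknown" when the index has no upload data for it. fallback is
    the most recently released version that already satisfies the rule (or
    None), so a pipeline can keep building on it while the new one waits.
    """
    versions = releases.get(name, {})
    cutoff = now - timedelta(days=min_age_days)
    mature = [v for v, files in versions.items() if files and release_time(files) <= cutoff]
    fallback = max(mature, key=lambda v: release_time(versions[v])) if mature else None
    if not versions.get(version):
        return "unknown", fallback
    status = "allowed" if release_time(versions[version]) <= cutoff else "quarantined"
    return status, fallback


def gate_requirements(pins, releases, now=CONSTRUCTED_NOW, min_age_days=7):
    """Check a list of 'name==version' pins; returns {name: (status, fallback)}."""
    result = {}
    for pin in pins:
        name, _, version = pin.partition("==")
        result[name.strip()] = gate_package(name.strip(), version.strip(), releases, now, min_age_days)
    return result
```

A "quarantined" result is the signal to keep the dependency on the fallback version and hand the new release to whatever review or scanning step the team runs before authorizing it.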
About the author
Caroline Nihill
Caroline Nihill is a reporter for IT Brew who primarily covers cybersecurity and the way that IT teams operate within market trends and challenges.