Open Source Summit Europe 2022

Widespread use of open source software has motivated malicious actors to take advantage of the medium, spawning significant and widespread attacks. To be able to identify these threats at scale we automated this process and would like to present and share some open source tools to detect those attacks. RED LILI This is the largest batch of malicious packages from a single threat actor (1500 packages and still counting ). We will dive into the attack and discuss the infrastructure required for such attacks. To keep track of RED-LILI as they continue to publish malicious packages, our research team has launched RED-LILI Tracker (https://red-lili.info) UA-Parser (Good package gone BAD) An attacker comprised a legitimate account of a popular open-source contributor. We will dive into the attack and TTPs used (Account Takeover) and will discuss Chain alert Free service for the open-source community to alert on those attacks. Protestware A pro-Ukraine NPM user account riaevangelist released several new versions of its popular package “node-ipc” (over million weekly downloads ), which included a wiper functionally targeting Russian and Belarusian IP addresses and running a malicious payload, destroying all files on disk by overwriting their content with a heart emoji “❤️” .