[CyberThreat] Supply chain attack - Dependency confusion
A Threat to Software Supply Chain Security
Dependency confusion attacks have emerged as a significant threat to software supply chain security in recent years. These attacks exploit a weakness in how software dependencies are resolved, which allows an attacker to inject malicious code into otherwise legitimate software packages. In this article, we'll explore what dependency confusion attacks are, how they work, and what organizations can do to protect themselves from this type of threat.
What is a Dependency Confusion Attack?
A dependency confusion attack is a type of software supply chain attack that exploits the way that software dependencies are managed. Most modern software is built using a variety of third-party libraries and modules, which are often pulled in from public repositories like npm, PyPI, and Maven. These repositories typically rely on package names to identify and manage dependencies.
In a dependency confusion attack, an attacker creates a package with the same name as a package that the organization expects to pull from its own internal repository, and publishes it to a public repository with a higher version number. When the organization's build system attempts to download the latest version of that package, it inadvertently downloads the malicious public package instead. This can lead to the injection of malicious code into the software being built.
How Does a Dependency Confusion Attack Work?
Dependency confusion attacks work by exploiting the way that software dependencies are managed. In most cases, when a software package is built, the build system will automatically download any required dependencies from a public repository. However, if a dependency is not available in the public repository, the build system may attempt to download the dependency from an internal repository or a file share.
In a dependency confusion attack, an attacker creates a package with the same name as a dependency that is expected to be downloaded from an internal repository or file share. The attacker then uploads the malicious package to a public repository with a higher version number than the legitimate package.
When the build system attempts to download the latest version of the legitimate package, it inadvertently downloads the malicious package instead. This can lead to the injection of malicious code into the software being built, which can be used to steal sensitive data, compromise systems, or launch other attacks.
How Can Organizations Protect Themselves from Dependency Confusion Attacks?
To protect against dependency confusion attacks, organizations should implement a range of security measures. These may include:
Maintaining an inventory of all software dependencies, including the repository location and version number.
Limiting the sources from which software dependencies can be downloaded.
Verifying the authenticity of software dependencies by using cryptographic hashes or other measures.
Implementing a strong access control policy for software repositories to prevent unauthorized access.
Ensuring that all software dependencies are validated and signed by a trusted party.
Monitoring for suspicious activity, such as unexpected downloads or changes to software dependencies.
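To make the mechanism and the countermeasures above concrete, here is an added example that is not code from the article, from pip or from any real package manager. It simulates two package indexes (the index URLs, the package name "acme-utils" and the artifact bytes are all constructed for the demo), contrasts the weak resolution rule that dependency confusion relies on (the highest version wins across every configured index) with a hardened rule (one approved index per package plus a hash-pinned lockfile, covering the inventory, source-limiting and hash-verification items in the list), and adds a monitoring check for internal names that also exist on the public index.

```python
"""Simulated dependency resolution across an internal and a public index.

Added example, not code from PyTorch, pip or the article: the index URLs,
the package name "acme-utils" and the artifact bytes are all constructed.
"""
import hashlib

INTERNAL_INDEX = "https://pypi.internal.example/simple"   # hypothetical private index
PUBLIC_INDEX = "https://pypi.org/simple"                   # the public index

# Constructed artifacts: what each index would serve for the same name.
INTERNAL_ARTIFACT = b"acme-utils 1.2.0 built by internal CI"
PUBLIC_ARTIFACT = b"acme-utils 99.0.0 uploaded by an unknown party"
REQUESTS_ARTIFACT = b"requests 2.31.0"

# index URL -> package name -> version -> artifact bytes
INDEXES = {
    INTERNAL_INDEX: {"acme-utils": {"1.2.0": INTERNAL_ARTIFACT}},
    PUBLIC_INDEX: {
        "acme-utils": {"99.0.0": PUBLIC_ARTIFACT},
        "requests": {"2.31.0": REQUESTS_ARTIFACT},
    },
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def version_key(version: str) -> tuple:
    """Numeric tuple for ordering, e.g. '1.2.0' -> (1, 2, 0)."""
    return tuple(int(part) for part in version.split("."))


def resolve_highest_version(name: str, index_urls) -> tuple:
    """Weak rule: pool candidates from every index and take the highest version.

    This is the behaviour a dependency confusion attack relies on: the public
    99.0.0 outranks the internal 1.2.0 simply because its number is larger.
    """
    candidates = []
    for url in index_urls:
        for version in INDEXES.get(url, {}).get(name, {}):
            candidates.append((version_key(version), version, url))
    if not candidates:
        raise LookupError(f"{name} not found on any index")
    _, version, url = max(candidates)
    return version, url


# Hardened configuration: which index each package may come from ...
SOURCE_POLICY = {"acme-utils": INTERNAL_INDEX, "requests": PUBLIC_INDEX}
# ... and the exact version and SHA-256 the build expects (a lockfile).
LOCKFILE = {
    "acme-utils": ("1.2.0", sha256_hex(INTERNAL_ARTIFACT)),
    "requests": ("2.31.0", sha256_hex(REQUESTS_ARTIFACT)),
}


def resolve_pinned(name: str, policy: dict = SOURCE_POLICY, lockfile: dict = LOCKFILE) -> tuple:
    """Hardened rule: fetch only from the approved index, only the locked version,
    and refuse the artifact unless its hash matches the lockfile."""
    if name not in policy:
        raise PermissionError(f"{name} has no approved source")
    url = policy[name]
    version, expected = lockfile[name]
    try:
        artifact = INDEXES[url][name][version]
    except KeyError:
        raise LookupError(f"{name}=={version} is not on {url}") from None
    if sha256_hex(artifact) != expected:
        raise ValueError(f"hash mismatch for {name}=={version} from {url}")
    return version, url


def name_collisions(internal_url: str = INTERNAL_INDEX, public_url: str = PUBLIC_INDEX) -> list:
    """Monitoring check: internal package names that also exist on the public index."""
    internal = set(INDEXES.get(internal_url, {}))
    public = set(INDEXES.get(public_url, {}))
    return sorted(internal & public)


if __name__ == "__main__":
    print("weak      :", resolve_highest_version("acme-utils", [INTERNAL_INDEX, PUBLIC_INDEX]))
    print("hardened  :", resolve_pinned("acme-utils"))
    print("collisions:", name_collisions())
```

The weak resolver returns the public 99.0.0 for "acme-utils", while the hardened resolver returns the internal 1.2.0 and raises on any package without an approved source, any version missing from that source, or any artifact whose hash differs from the lockfile. The collision check is the kind of signal the monitoring item in the list is about: a private name suddenly appearing on a public index is worth an alert before any build picks it up.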
Supply Chain attack - PyTorch Story
Users who installed nightly builds of the PyTorch machine learning framework during the week between Christmas and New Year's Eve may have received a rogue package that siphoned sensitive data from their systems. The problem arose from a form of attack called "dependency confusion" that still affects package managers and development environments. PyTorch developers issued a security advisory, warning users to uninstall PyTorch nightly and torchtriton packages, which may have been contaminated, and to use a newer version that was released after December 30, 2022.
PyTorch, a machine learning library used in computer vision and natural language processing, is an open-source project managed by the PyTorch Foundation. The software is typically installed via pip, which uses the Python Package Index (PyPI) as its primary repository. However, pip also allows users to specify additional repositories, a feature commonly used by organizations to house internally developed components that are not intended for public use.
PyTorch's installation process involves downloading additional packages, including a library called torchtriton, which was hosted on PyTorch's nightly build index. However, an attacker uploaded a malicious package with the same name on PyPI, a public repository. As a result, pip was tricked into downloading the rogue package. The malicious package was designed to extract sensitive data from the user's system, including hostnames, usernames, working directories, environment variables, and SSH keys. All this information was sent to a remote server via encrypted DNS queries.
The PyTorch maintainers released a command to help users detect whether the malicious torchtriton version was present on their systems. They advised admins to remove it immediately and change any potentially compromised credentials or keys. PyTorch removed its dependency on torchtriton and replaced it with a renamed version of the package. PyTorch also registered the new name on PyPI to prevent a similar attack in the future.
Based on automated tracking by the supply chain security firm Snyk, the malicious torchtriton package was downloaded 2,717 times. The PyTorch maintainers have removed all PyTorch builds that rely on the torchtriton dependency from distribution, and the torchtriton package has been removed from PyPI. However, dependency confusion remains a risk for other package managers as well, including npm. npm introduced the concept of "scope," which enables organizations to bundle their packages together under a common namespace.
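The PyTorch case turned on a pip configuration in which the public index was consulted alongside an extra index. The following added example (my own code, not PyTorch's, pip's or the article's) audits a pip requirements file for the settings that create that exposure and shows a weak file beside a hardened one. The requirement lines, index URL and hash values are constructed placeholders; only the pip options used (`--index-url`, `--extra-index-url`, `--require-hashes`, `--hash`) are real pip syntax.

```python
"""Audit a pip requirements file for settings that enable dependency confusion.

Added example, not pip's or PyTorch's code. Requirement lines, the internal
index URL and the hash digests are constructed placeholders.
"""
import re

# Weak: two indexes are consulted, nothing is pinned, nothing is hashed.
WEAK_REQUIREMENTS = """\
--index-url https://pypi.org/simple
--extra-index-url https://pypi.internal.example/simple
acme-utils>=1.0
requests
"""

# Hardened: a single index (an internal index that also proxies PyPI),
# exact versions, and a hash for every artifact. Digests are placeholders.
HARDENED_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
--require-hashes
acme-utils==1.2.0 --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
requests==2.31.0 --hash=sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
"""

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*\S+")
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


def audit_requirements(text: str) -> list:
    """Return a list of findings; an empty list means no weak setting was found."""
    findings = []
    require_hashes = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            # With an extra index, the resolver pools candidates from both
            # indexes and a higher public version can win over the internal one.
            findings.append(f"line {lineno}: --extra-index-url lets the highest version win across indexes")
            continue
        if line.startswith("--require-hashes"):
            require_hashes = True
            continue
        if line.startswith("-"):
            continue  # other options such as --index-url or -r are not findings here
        name = re.split(r"[<>=!~\s\[;]", line, maxsplit=1)[0]
        if not PIN_RE.match(line):
            findings.append(f"line {lineno}: {name} is not pinned to an exact version")
        if not HASH_RE.search(line):
            findings.append(f"line {lineno}: {name} has no --hash pin")
    if not require_hashes:
        findings.append("file: --require-hashes is not set, so unhashed packages would still install")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_REQUIREMENTS), ("hardened", HARDENED_REQUIREMENTS)):
        print(f"{label}:")
        for finding in audit_requirements(text) or ["no findings"]:
            print("  ", finding)
```

Running the audit on the weak file reports the extra index, the two unpinned and unhashed requirements, and the missing `--require-hashes`; the hardened file produces no findings. Routing everything through one internal index that proxies the public one, rather than listing both, is what removes the "highest version across indexes" race that the torchtriton package exploited.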
Conclusion
Dependency confusion attacks are a growing threat to software supply chain security. By exploiting the way that software dependencies are managed, attackers can inject malicious code into legitimate software packages, leading to data theft, system compromise, and other security breaches. To protect against this type of threat, organizations should implement a range of security measures, including maintaining an inventory of all software dependencies, limiting the sources from which dependencies can be downloaded, and verifying the authenticity of software dependencies. By taking a proactive approach to software supply chain security, organizations can reduce their risk of falling victim to a dependency confusion attack.
A.I. support for text and images