A novel form of software supply chain attack has been uncovered by ethical hacker Alex Birsan, who reportedly managed to breach the systems of numerous major tech companies, including Microsoft, Uber and Tesla, by taking advantage of a concept known as ‘dependency confusion’.

The new attack vector is particularly worrying as, unlike traditional typosquatting or brandjacking supply chain attacks, the targeted companies are said to have automatically downloaded the malicious packages and the breach did not require social engineering or human error to infiltrate private repositories.

Sonatype’s automated malware detection systems, part of Nexus Intelligence, flagged the malicious packages in question as suspicious back in 2020. Sonatype CTO Brian Fox has long lamented the lack of proper name-spacing requirements in open-source ecosystems, citing them as a potential cause of dependency hijacking attacks. With some of the world’s largest companies seemingly at risk, and in the wake of the SolarWinds incident, software supply chain security should be front of mind for businesses, he says.

“This software supply chain attack, where security researcher Alex Birsan took advantage of a concept known as dependency confusion or namespace confusion within open-source ecosystems, was quite simple, yet a clever way to gain access to systems in over 35 tech companies.

“The ability to do this comes essentially from a design flaw in the way some open-source ecosystems like npm work and subverts a basic pattern in the Java world,” adds Fox. “In npm, there are no checks of namespace or coordinate authenticity, which means anyone can publish a component to npm with any name. Additionally, it is very common in the npm ecosystem to depend on the ‘latest’ version, which means the build tool tries to determine automatically what the latest, or highest, version number of a given component is.

“The important thing to understand here is that the researcher figured out what the internal names of components for these companies were, and published components with the same name to the public npm registry,” he states. “They used a very large version number, which tricked their tooling to download the ‘latest’ version from outside the organisation, as opposed to the internal copies they actually wanted. The targeted companies automatically received Birsan’s malicious and counterfeit packages without them making any spelling mistakes, or any social engineering involved, that we see in typical brandjacking or typosquatting.

“While the attack may feel novel, we have been saying that this could be a possibility for years, because there is no verification of ownership within many of these ecosystems and its common practice for developers to ask for the latest version.”

There is no easy fix, says Fox, as this is a design flaw in the very system of these dependency ecosystems. “They work like this, because it was done to lower the barrier for developers to publish their packages. But, as we can now see, as the ecosystems have matured and are now critical infrastructure for any organisation, bad actors are exploiting that ease of access.”