Phylum Cybersecurity’s CEO, Aaron Bray, has observed a significant shift in the cybersecurity landscape over the past four years, particularly during the global pandemic. The rapid digital transformation and the widespread adoption of remote workforces have presented organizations with new security challenges. While the attack surface has expanded and the traditional on-premise security model has evolved, many organizations have not yet adjusted their security posture to effectively defend against modern threats.
In the past, organizations primarily relied on traditional, on-premise workforces with centralized domain controllers and system administrators. This made the system administrators the primary targets for potential attackers, as compromising an account with domain administrator privileges would grant access to virtually anything connected to the network. The security posture of these organizations was largely managed by security staff, executives, and system administrators, making them the key defenders against potential breaches.
However, the modernized organizations have seen a dramatic shift in their attack surface as business-critical assets have been shifted to the cloud, and employees are now working remotely. Furthermore, many organizations are leveraging third parties to handle core IT functions, and development processes have migrated to continuous integration and deployment. These changes have fundamentally altered the access vectors and reduced the rewards for attackers, making it more challenging to compromise systems and gain broad access within organizations.
The shift in targets has also been influenced by the rise of open source software (OSS) as a major access vector for attackers. Despite the numerous benefits of OSS, including cost reductions and faster development, it also introduces new security risks. As software projects increasingly depend on thousands of third-party OSS packages, the potential for vulnerabilities and malicious activities has increased. Security practitioners are faced with the daunting task of managing a complex web of software packages maintained by individuals with no formal relationship with their organization.
Phylum’s research reports for Q1 and Q2 have highlighted an uptick in incidents where bad actors have been targeting software developers and CI/CD infrastructure with spam or actively malicious packages. The sheer volume of packages being published on a daily basis, combined with the limited resources available for managing and vetting these packages, has created significant vulnerabilities within the open-source ecosystem.
Overall, the changing cybersecurity landscape has led to a fundamental shift in the threat model, with attackers capitalizing on the expanded attack surface and targeting modernized organizations through open source software ecosystems. It is crucial for organizations to prioritize security and implement effective measures to mitigate these evolving risks. Failure to do so could result in undetected breaches and potential security breaches. As the cybersecurity landscape continues to evolve, it is imperative for organizations to adapt and enhance their security posture to effectively defend against modern threats.