
Supply Chain Attacks: Risks in Software Dependencies


A supply chain attack exploits the trust relationships in the software development and distribution process to deliver malware through legitimate updates and libraries. According to Sonatype's 2024 State of the Software Supply Chain report, open-source supply chain attacks increased 156% year over year, with more than 700,000 malicious packages identified cumulatively. As of 2025, AI-assisted generation of malicious code and more carefully concealed backdoors inserted into otherwise legitimate packages have emerged as new threats. Because the malicious code arrives through a trusted channel, conventional malware defenses detect it poorly, and the impact reaches not only developers but every user of the affected software. Gartner predicts that 45% of organizations will have experienced an attack on their software supply chain by 2025, so preparation is urgent for individuals and organizations alike. This article explains how supply chain attacks work and then covers organizational and individual defenses, with specific examples and data.

How Supply Chain Attacks Work

The Full Picture from the SolarWinds Incident

The SolarWinds incident discovered in 2020 was a landmark case that demonstrated the severity of supply chain attacks to the world. Attackers infiltrated SolarWinds' build system and embedded a backdoor (SUNBURST) in a legitimate update of the network monitoring software Orion. This update was installed by approximately 18,000 organizations, and about 100 organizations including US government agencies were actually compromised. The attackers only modified part of the build pipeline, leaving no traces in the source code repository, making it undetectable through code review. This incident highlighted the structural vulnerability that when the "chain of trust" in software is broken at even one point, all downstream users are affected.

npm / PyPI Dependency Poisoning

Attacks on package registries are a more common and frequent threat. In 2021 the maintainer account of the npm package ua-parser-js (roughly 8 million weekly downloads) was hijacked, and malicious versions containing a cryptocurrency miner and a credential stealer were published. On PyPI, approximately 450 typosquatting packages were discovered in 2023, distributing information-stealing code under names that are one typo away from legitimate packages.

Dependency poisoning techniques fall into three main types. First, tampering with a legitimate package after hijacking a maintainer account. Second, typosquatting: publishing a fake package under a look-alike name (e.g., lodahs instead of lodash). Third, Dependency Confusion: registering, on the public registry, a package with the same name as an organization's internal package, typically with a higher version number, so that a package manager configured to consult both sources picks the public one. When security researcher Alex Birsan demonstrated Dependency Confusion in 2021, he achieved code execution on the build systems of more than 35 companies, including Apple, Microsoft, and PayPal.

Infiltrating CI/CD Pipelines

CI/CD pipelines are the development infrastructure that automates building, testing, and deploying code, which makes them high-value targets. In the Codecov incident discovered in April 2021, the CI tool's Bash Uploader script was tampered with so that it sent users' environment variables (API keys, tokens, credentials) to an attacker-controlled server. Compromised third-party GitHub Actions have also been reported: in March 2025 the popular action tj-actions/changed-files was tampered with, affecting approximately 23,000 repositories. CI/CD pipelines are particularly dangerous because they hold deployment permissions for production environments, so a compromise gives the attacker a direct path into production.

What Should You Actually Do?

Complete defense against supply chain attacks is difficult, but risk can be reduced substantially. Individual users should enable automatic OS and app updates while waiting 1-2 days before applying major updates, install browser extensions and apps only from trusted sources, and remove ones they no longer use. Developers should protect package registry accounts with unique passwords of 20+ characters and TOTP-based two-factor authentication, commit lockfiles so dependencies resolve to known versions, and pin third-party CI actions to commit hashes.

Protecting Developer Accounts

Package Registry Accounts

Package registry accounts for npm, PyPI, RubyGems, etc. are the most targeted starting points for supply chain attacks. npm mandated two-factor authentication for maintainers of the top 500 packages from 2022, but it remains optional for other packages. Generate random passwords of 20+ characters with Passtsuku.com and always set up two-factor authentication with a TOTP app or hardware security key. SMS authentication is not recommended due to SIM swap attack risks.

Accounts with publishing permissions require particularly strict management. For npm, list who can publish a package with `npm owner ls <package>` (or `npm access list collaborators <package>` in npm 9 and later) and promptly remove permissions that are no longer needed. When managing as a team, keep the number of members with publishing rights to a minimum and require two-factor authentication for every publish with `npm access set mfa=publish <package>` (npm 9 and later; `npm access 2fa-required <package>` in older versions).

Protecting Source Code Repositories

GitHub and GitLab accounts have access not only to source code but also to CI/CD pipeline configurations and secrets, making the impact of a compromise extensive. According to GitHub's 2024 security report, account compromises through leaked tokens and passwords account for approximately 40% of repository-related incidents.

In addition to strong passwords generated by Passtsuku.com, the following settings are essential for repository protection: configure branch protection rules to prohibit direct pushes to the main branch; require at least one review approval for pull requests; require signed commits to detect commit tampering.

CI/CD Service Security

CI/CD services like GitHub Actions, CircleCI, and Jenkins store highly sensitive secrets such as deploy keys, API tokens, and cloud credentials, and a leak of these secrets leads directly to unauthorized access to production. Always store secrets in the CI/CD service's encrypted secret store and make sure they are masked in logs. For GitHub Actions, restrict `GITHUB_TOKEN` to the minimum: declare a `permissions` key in the workflow (for example `contents: read`) and add only the scopes each job actually needs, instead of relying on the repository's default token permissions.

When using third-party CI/CD actions and plugins, pin them to a full commit hash rather than a tag or branch name, because tags and branches are mutable references that an attacker with write access can move to a malicious commit. For managing API keys and tokens in CI/CD pipelines, see also API key management best practices. To systematically learn about developer account protection, developer account security and package registry protection guides (Amazon) are helpful.

Organizational Defense Strategies

Leveraging SBOM (Software Bill of Materials)

SBOM (Software Bill of Materials) is a document that lists all components and their dependencies contained in software. In the US, Executive Order 14028 of 2021 mandated SBOM provision for software delivered to the federal government. By creating and managing SBOMs, you can quickly identify affected systems when vulnerabilities are discovered in libraries in use.

There are two standard SBOM formats: SPDX (Linux Foundation) and CycloneDX (OWASP). In npm, `npm sbom --sbom-format cyclonedx` (or `--sbom-format spdx`) generates an SBOM for the current project. Regularly cross-reference generated SBOMs against vulnerability databases (NVD, OSV) to detect components with known vulnerabilities; combined with open source security auditing, this makes dependency management systematic rather than ad hoc. Note that an SBOM is a static snapshot, so it must be regenerated with each build to stay current.

Code Signing and Verification

Code signing is a mechanism for verifying who produced a piece of software and whether it has been tampered with since. The Sigstore project provides free signing infrastructure for open-source software and has become the de facto standard. npm has supported Sigstore-based provenance since 2023: a package published with `npm publish --provenance` from a supported CI system carries an attestation that cryptographically ties it to the repository and commit it was built from. `npm audit signatures` verifies the registry signatures, and any provenance attestations, of the packages installed in the current project.

cosign (Sigstore) is widely adopted for signing container images. By signing images published to Docker Hub or GitHub Container Registry and verifying signatures at deployment, you can prevent execution of tampered images. In Kubernetes environments, combining with policy engines like Kyverno or OPA Gatekeeper enables automatically blocking deployment of unsigned images.

Principle of Least Privilege

To minimize damage from supply chain attacks, the principle of granting only the minimum necessary permissions to each component is important. Grant CI/CD pipeline service accounts only the permissions needed for deployment, not administrator privileges. For AWS, specify concrete resource ARNs and actions in IAM policies and avoid using wildcards.

Permissions for dependency packages should also be restricted. Node.js has had a permission model since v20 behind the `--experimental-permission` flag (renamed `--permission` in newer releases). It restricts filesystem access (`--allow-fs-read`, `--allow-fs-write`), child process spawning, worker threads and native addons, each of which must be allowed explicitly; it does not restrict network access, so outbound exfiltration by a malicious package has to be controlled elsewhere. Deno is sandboxed by default and requires explicit permission for network and filesystem access. With these mechanisms, even if a malicious package is included, the damage it can do is limited.

Measures Individual Users Can Take

Supply chain attacks are not just a problem for developers and organizations. All software users can potentially be affected. Here is a summary of measures you can take as an individual user.

First, enable automatic updates for your OS and applications. However, for major updates, exercise caution by waiting 1-2 days before applying rather than immediately after release. There have been cases where malicious code was included in legitimate updates, with issues discovered shortly after release and corrected versions released. Make it a habit to back up important data before applying updates.

Avoid browser extensions and smartphone apps with low install counts or few reviews, and verify the developer's credibility before installing. In 2023, approximately 34,000 malicious extensions were removed from the Chrome Web Store, showing that even official stores are not necessarily safe. Please also check browser extension security. Promptly remove extensions and apps you no longer use to reduce the attack surface.

Setting unique strong passwords for each service with Passtsuku.com and enabling two-factor authentication also serves as indirect defense against supply chain attacks. This aligns with the Zero Trust security principle of "never trust, always verify." Even if attackers infiltrate a service provider's system and steal password hashes, sufficiently long random passwords are extremely difficult to crack offline. Set passwords that show 100 bits or more of entropy on Passtsuku.com's strength meter. To understand the full picture of supply chain attacks, supply chain attack case studies and defense strategies (Amazon) are helpful.

Supply chain attacks are a threat that shakes the very trust model of software. While complete defense is difficult, combining SBOM visibility, code signing verification, thorough least privilege, and individual-level account protection can significantly reduce risk. Because software dependencies are hard to see, a conscious approach to managing and regularly reviewing them is essential.

Take Action Now

  1. Enable automatic OS and app updates and promptly apply security patches (wait 1-2 days for major updates)
  2. Review browser extensions and remove unnecessary ones (Chrome: check at chrome://extensions)
  3. Developers: set unique passwords of 20+ characters generated by Passtsuku.com for npm / PyPI / GitHub accounts, enable TOTP-based two-factor authentication, and pin third-party CI actions to commit hashes
  4. Set unique passwords for each service with Passtsuku.com to prepare for potential password hash theft from supply chain attacks

Frequently Asked Questions

What is a supply chain attack?
It is an attack method that infiltrates the development or distribution process of software or hardware to embed malware in legitimate products or updates. Detection is extremely difficult because users trust the source.
How can I protect myself from supply chain attacks?
Verify that software updates come from legitimate sources and make it a habit to check digital signatures. Minimize the number of tools and libraries you use, and regularly check security advisories.
Are there examples of supply chain attacks that caused major damage?
The 2020 SolarWinds incident is a prominent example. A backdoor was inserted into a legitimate update of network management software, affecting thousands of organizations including US government agencies.
