Over the past few months there has been downsizing in more than a few business verticals. The Media and Entertainment, Mortgage and Finance, Cryptocurrency, Software Development, and security and IT operations sectors have all seen reductions in staff (to different degrees). Threat groups know about these reductions and use them as an opportunity. When they see losses reported, they increase their attacks, as they know security and IT support staff are often the first things to be cut. The increase in supply chain attacks coincides with detections of new ransomware types, threat groups, and other malware being seen in the wild.
PyPI has not disclosed additional information about the increase in malicious users and projects. They are going to keep the freeze in place until they can get things under control. This might be a while, as they stated they have a number of administrators “on leave” at the moment (hmm, how about that timing). As we move into the summer and more businesses streamline things due to budget cuts, we only expect attacks to ramp up. Stay safe out there.