PyPI Stops New Users and Uploads to Deal with Malicious User Increase

PyPI (the Python Package Index) has temporarily suspended new account registration and new project uploads. The freeze is a response to a sharp increase in malicious users and packages identified on the index. It comes as other repositories, including npm and even Microsoft VS Code, have identified new malware posing as well-known projects. Supply chain attacks and typosquatting are nothing new, and waves of attacks on package repositories recur fairly regularly. The rise across three popular repositories at once, however, looks like a larger threat when put in the context of the wider IT market.

Over the past few months there has been downsizing across more than a few business verticals: media and entertainment, mortgage and finance, cryptocurrency, software development, and security and IT operations have all seen staff reductions, to varying degrees. Threat groups know about these cuts and treat them as an opportunity. When losses are reported, attacks increase, because attackers know that security and IT support staff are often the first to go. The rise in supply chain attacks coincides with detections of new ransomware families, new threat groups, and other malware being seen in the wild.

PyPI has not disclosed further details about the increase in malicious users and projects. The freeze will stay in place until they have things under control, which may take a while: they stated that a number of administrators are on leave at the moment (hmm, how about that timing). As we move into summer and more businesses streamline operations under budget cuts, we expect attacks only to ramp up. Stay safe out there.
