As 2021 draws to a close, the year brought sweeping changes that pushed enterprises to adopt new approaches to strengthening their cybersecurity posture. Adversaries kept refining their methods to work smarter and move faster: scaling attacks, reaching deeper into supply chains and causing greater damage. We have seen early glimpses of attacker innovation, each with the potential to significantly alter the cybersecurity landscape over the next 12 months. The digital economy runs on open source software (OSS): it is flexible, scalable and harnesses the collective power of a community to spark new innovation. But countless "open" and "free" OSS libraries also mean a dramatically expanded attack surface and a way for threat actors to automate their efforts, sidestep detection and do more harm.
In 2022 we can expect attackers to keep looking for new ways to compromise open source libraries. Organizations must therefore stay vigilant, because these attacks rarely give off obvious signals and are hard to spot: the libraries enter the build pipeline as part of legitimate day-to-day operations, and the malicious code often arrives as a dependency (or a dependency of a dependency) that looks benign. Since such automated attacks are cheap and quick to execute and leave very little signature, they will become even more frequent, sudden and damaging.
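One of the few signals a pipeline can reliably produce against a swapped or newly injected dependency is a mismatch between what was reviewed and pinned and what was actually fetched. The script below is an added illustration, not code from the original article or from any particular package manager: it audits a lockfile against the downloaded artifacts and against the previously committed lockfile, flagging packages with no pinned hash, artifacts whose hash no longer matches the pin, and dependencies that appeared or changed version since the last review. The lockfile format, package names and artifact contents are all constructed for the example.

```python
"""Offline audit of a dependency lockfile against fetched artifacts.

Added example. The lockfile layout (name -> {"version", "sha256"}) and every
package below are hypothetical; real lockfiles (npm's package-lock.json
"integrity" field, pip's --hash pins) carry the same information.
"""
import hashlib
from typing import Dict, List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the archives the pipeline just downloaded.
# "tiny-util" is the attacker-modified artifact: same name and version,
# different bytes than the copy that was reviewed and pinned.
ARTIFACTS: Dict[str, bytes] = {
    "parser-lib": b"parser-lib 1.4.2 contents",
    "log-fmt": b"log-fmt 0.9.0 contents",
    "tiny-util": b"tiny-util 3.1.0 contents plus an added install hook",
}

# Lockfile as reviewed and committed on the last change (constructed).
PREVIOUS_LOCK: Dict[str, Dict[str, Optional[str]]] = {
    "parser-lib": {"version": "1.4.2", "sha256": sha256_hex(b"parser-lib 1.4.2 contents")},
    "log-fmt": {"version": "0.9.0", "sha256": sha256_hex(b"log-fmt 0.9.0 contents")},
}

# Lockfile the pipeline is about to install from (constructed). Two subtle
# changes: log-fmt lost its hash pin, and tiny-util was pulled in as a new
# dependency whose pinned hash does not match the artifact actually fetched.
CURRENT_LOCK: Dict[str, Dict[str, Optional[str]]] = {
    "parser-lib": {"version": "1.4.2", "sha256": sha256_hex(b"parser-lib 1.4.2 contents")},
    "log-fmt": {"version": "0.9.0", "sha256": None},
    "tiny-util": {"version": "3.1.0", "sha256": sha256_hex(b"tiny-util 3.1.0 contents")},
}

Finding = Tuple[str, str]  # (package name, issue)


def audit_dependencies(
    current: Dict[str, Dict[str, Optional[str]]],
    artifacts: Dict[str, bytes],
    previous: Optional[Dict[str, Dict[str, Optional[str]]]] = None,
) -> List[Finding]:
    """Return every discrepancy between the lockfile, the fetched artifacts
    and the previously reviewed lockfile. An empty list means nothing changed
    and every artifact matches its pin."""
    findings: List[Finding] = []
    for name, entry in sorted(current.items()):
        # Drift relative to the last reviewed lockfile: new packages and
        # version bumps are exactly where an injected dependency shows up.
        if previous is not None:
            if name not in previous:
                findings.append((name, "new-dependency"))
            elif previous[name]["version"] != entry["version"]:
                findings.append((name, "version-changed"))
        pinned = entry.get("sha256")
        if not pinned:
            # Without a pin the resolver will accept whatever the registry serves.
            findings.append((name, "unpinned"))
            continue
        blob = artifacts.get(name)
        if blob is None:
            findings.append((name, "artifact-missing"))
            continue
        if sha256_hex(blob) != pinned:
            # Same name and version, different bytes: the substitution case.
            findings.append((name, "hash-mismatch"))
    for name in (previous or {}):
        if name not in current:
            findings.append((name, "removed"))
    return findings


def safe_to_install(findings: List[Finding]) -> bool:
    """A pipeline gate: refuse the install step if anything was flagged."""
    return len(findings) == 0


if __name__ == "__main__":
    for package, issue in audit_dependencies(CURRENT_LOCK, ARTIFACTS, PREVIOUS_LOCK):
        print(f"{package}: {issue}")
    print("install allowed:", safe_to_install(audit_dependencies(CURRENT_LOCK, ARTIFACTS, PREVIOUS_LOCK)))
```

The design choice worth noting is that the gate fails closed on a missing pin, not only on a mismatched one: an unpinned entry is precisely the state in which a later registry upload of the same version would be installed without any signal. In practice the same check is what `pip install --require-hashes` and npm's lockfile `integrity` verification perform; the script mainly makes the "what changed since review" part explicit, which those tools do not report on their own.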