Last week I reported on the security issues the PyPI Python code repository was having, including temporarily closing its doors to new users and at last making multi-factor authentication compulsory for its users. PyPI still has one more lesson for us.
We all need to use industry standard anti-virus solutions on endpoints, servers, email etc (we still find that the occasional new client is using a free option!), but threat actors can work around that protection.
Because they can reverse engineer the anti-virus packages, they know exactly what the scanners look for and can adjust their malicious code until it evades detection. It then becomes a race for the AV vendors to notice that the malware is slipping through and to update their signatures. If that malware is mixed into legitimate code, which is in turn built into legitimate applications that the user happily installs, detection becomes harder still:
PyPI malware ramps up the threat to the code repository • The Register
Your takeaway from the PyPi python code repository problem
- Use a really good anti-virus solution and back that up with staff training.
- If you have custom applications or web code, carry out due diligence on those writing the code for you, and on the third-party packages they pull in.
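One concrete piece of that due diligence is refusing to install any package whose contents do not match a digest you approved in advance, so a release that has had extra code mixed into it fails to install instead of running. The example below is added here to illustrate that check and is not code from the original post or from PyPI/pip; it parses a lock file written in pip's own `--hash=sha256:...` syntax (the same format `pip install --require-hashes` consumes) and verifies local distribution files against it. The package names, the fake wheel bytes and the digests are all constructed for the example and do not correspond to real PyPI releases.

```python
import hashlib
import re

# A distribution file as it would sit in a local download directory.
# Constructed for this example; it is not a real PyPI release.
GOOD_WHEEL = b"PK\x03\x04 fake wheel contents of examplepkg 1.0.0"

# The same file with a few bytes appended, standing in for a release that was
# re-uploaded with extra code mixed into the legitimate package. Also constructed.
TAMPERED_WHEEL = GOOD_WHEEL + b"\n# extra bytes that were never reviewed"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a distribution file, hex encoded as pip prints it."""
    return hashlib.sha256(data).hexdigest()


# Lock file in pip's "--hash=" syntax. Built here from GOOD_WHEEL so the example
# is self-contained; in practice the digest comes from a reviewed, pinned build.
# 'otherpkg' (hypothetical) shows a second entry with a placeholder digest.
LOCK_FILE = (
    "# requirements.txt with hash pinning (pip install --require-hashes)\n"
    "examplepkg==1.0.0 \\\n"
    f"    --hash=sha256:{sha256_hex(GOOD_WHEEL)}\n"
    "otherpkg==2.3.1 --hash=sha256:" + "0" * 64 + "\n"
)

_REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s\\]+)")
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_lock(text: str) -> dict:
    """Return {name: (version, {allowed sha256 digests})} from a pip lock file.

    Handles pip's backslash line continuations and comment lines, and refuses
    any requirement that carries no --hash pin, mirroring --require-hashes.
    """
    pins = {}
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {line!r}")
        name, version = m.group(1).lower(), m.group(2)
        digests = set(_HASH_RE.findall(line))
        if not digests:
            raise ValueError(f"{name}: no --hash pin; refusing to trust an unpinned artifact")
        pins[name] = (version, digests)
    return pins


def verify_artifact(name: str, data: bytes, pins: dict) -> bool:
    """True only if the file's SHA-256 matches a digest pinned for that package.

    An unknown package name is rejected outright: something that was never
    approved must not be installed just because it arrived with the download.
    """
    entry = pins.get(name.lower())
    if entry is None:
        return False
    _version, digests = entry
    return sha256_hex(data) in digests


if __name__ == "__main__":
    pins = parse_lock(LOCK_FILE)
    print("good wheel accepted:", verify_artifact("examplepkg", GOOD_WHEEL, pins))
    print("tampered wheel accepted:", verify_artifact("examplepkg", TAMPERED_WHEEL, pins))
```

The point of the check is that it does not depend on recognising the malicious bytes at all, which is exactly where signature-based anti-virus loses the race described above: any change to the approved file, however it is obfuscated, changes the digest and the install is refused.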
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
PyPi. I wrote about code supply chain compromise last week…
PyPi software repository takes the most basic of security steps…