This campaign highlights two problems for the cybersecurity space – the increase in the frequency and sophistication of phishing as well as the increase in automated attacks. As time has gone on, the sophistication of phishing campaigns has increased significantly, with the interactive chat dialogue being an example from this campaign. This sophistication has allowed phishing campaigns to be much more successful, and in turn has led to an increase in the frequency of phishing attacks by other actors, causing phishing to become one of the primary tactics used for initial access. This increase also causes many users to become fatigued by the amount of phishing emails they receive, which also results in more successful campaigns. When these problems are coupled with automation, the problem is then increased tenfold, as an attacker can flood emails, package repositories, or other sites with malicious links on a schedule, or at an abnormal volume, making them harder to detect and remove in a reasonable amount of time, causing fatigue to blue teams as well. For organizations, the best control against activity such as this would be to monitor for mass account creations and to monitor for large spikes in site activity.
How 140k NuGet, NPM, and PyPi Packages Were Used to Spread Phishing Links
