where threat actors used a tactic called typosquatting to execute the attack. What is typosquatting, and how did the threat actors use it in this case?
Typosquatting is a variant of cybersquatting where the typosquatter registers potential input errors for common URL searches in the hopes that an individual will incorrectly type their desired URL into the search bar. The typosquatter will then monitor how many clicks their typo receives and, if it has a high volume of traffic, they will sell that information. Typosquatting can bring in advertising revenue by selling ads to the original site's competition or via redirect pages from the typo.
NPM (node package manager) disclosed that malicious software was published through its code repository using typosquatting. NPM said the malicious software was detected because software using the malicious library reached out to a malicious website where additional functionality was available for download.
However, in the incident NPM disclosed, the attacker used typosquatting to post code that resembled legitimate software names under project names on the NPM registry. Since this is a general typosquatting attack, it could be found in other software development environments.
This general typosquatting attack can be detrimental to developers who want to find a software project in the NPM registry. The developer might have two or more similarly named projects to search or choose from and, if they choose incorrectly, malicious libraries could be included. This is an easy way to attack software developers because it is sometimes difficult to identify which library or software to use when you are just looking at the title of an application or tool.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.