The Python software supply chain is a prime target
The more popular the software ecosystem, the more likely it will be targeted. As Python’s popular ascent continues, so will attacks on its ecosystem. And these will come on many fronts, both direct and indirect.
What makes Python particularly susceptible isn’t only its popularity but its unique place in the software ecosystem. Python plays at least two key roles that make it an appealing vector for compromises:
Process automation: Python is often used to stitch together multiple parts of a project by providing a common foundation for things like running tests or performing intermediate build steps. If you hijack a project’s automation tool, you can compromise every other aspect of the project by proxy. The GitHub Actions compromise offers a template for future attacks: Exploit a little-scrutinized aspect of software delivery automation and take control of some aspect of the project’s management.
Machine learning/AI: More businesses are adding AI to their product portfolios or internal processes, and Python’s ecosystem offers ways to develop both end-facing products and a convenient playground for experimenting with AI technology. A compromised machine learning library could have wide-ranging access to a company’s internal resources for such projects, like proprietary data used to train equally proprietary models.
The Ultralytics attack was relatively unambitious, with its payload being a cryptominer and thus easy to detect forensically. But more ambitious compromises can deliver advanced persistent threats into infrastructure. Python’s growing prominence, what it does, and what it’s meant to accomplish will make it more of a target going forward.