As Malicious Open Source Packages Proliferate, Checkmarx Announces Supply Chain Threat Intelligence for Faster, Easier Identification of Potential Threats

3 min.

January 31, 2023

First-to-market open source threat intelligence API reveals adversarial tactics, techniques and procedures (TTPs), incorporating the 150,878 malicious packages discovered by Checkmarx Labs in 2022 and providing constant updates   

 ATLANTA, GA – January 31, 2023Checkmarx, the global leader in developer-centric application security solutions, announced today the immediate availability of Supply Chain Threat Intelligence™, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

Based on proprietary research by Checkmarx Labs, Supply Chain Threat Intelligence offers:

  • Identification of malicious packages by attack type such as dependency confusion, typosquatting, chainjacking and more
  • Analysis of contributor reputation through identification of anomalous activity within open source packages
  • Intelligence on the malicious behavior of packages, including static and dynamic analysis to understand how the code runs
  • A data lake that allows the ongoing analysis of packages long after they have been deleted from package managers, with over one million packages scanned per month

“In 2022, Checkmarx researchers exposed some of the most prolific open source attack groups, including RED-LILI and Lofygang,” said Checkmarx CEO Emmanuel Benzaquen. “Given the dramatic proliferation of malicious open source packages from organized attack groups, we’re pleased to empower security stakeholders by revealing adversarial motives, tactics, techniques and procedures in a constantly updated intelligence feed.”

Checkmarx’ Supply Chain Threat Intelligence incorporates the industry’s most complete threat intelligence research and employs machine learning, retro hunting, and cross-language hunting to identify even emerging threats.

How Supply Chain Threat Intelligence works

Checkmarx Supply Chain Threat Intelligence is delivered as an application programming interface (API) that is simple to integrate into many dashboards and development environments. Users obtain a unique token from Checkmarx, send in a package name and version and receive threat intelligence on the package.

The API helps developers and security professionals:

  • Quickly and easily identify potential threats in open source packages
  • Better understand the threat actor’s decision-making process
  • Perform bulk queries to efficiently receive intel on large numbers of packages at once
  • Stay ahead of cyber threats with real-time updates and alerts on new and emerging risks
  • Gain valuable insights and context on detected threats to inform security decisions

“Our Checkmarx Labs supply chain security team discovered 150,878 unique malicious packages in 2022 alone,” said Erez Yalon, VP of security research at Checkmarx. “We’re seeing attackers continue to strike and publish malicious packages even after they’ve been reported. They simply create new sock-puppet accounts and nothing stops them from doing so. Their relentless malicious behavior and the increasing velocity of new malicious package releases have led us to share our threat intelligence to help keep the open source ecosystem safe.”

To learn more about Checkmarx Supply Chain Threat Intelligence, visit the Checkmarx website.

About Checkmarx

Checkmarx is constantly pushing the boundaries of application security to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec leader, Checkmarx offers the industry’s most comprehensive AppSec platform, Checkmarx One, that provides developers and security teams with unparalleled accuracy, coverage, visibility and guidance to reduce risk across all components of modern software—including proprietary code, open source, APIs and infrastructure as code. Over 1,800 customers worldwide, including U.S. public sector agencies and nearly half of the Fortune 50, trust Checkmarx security technology, expert research and global services to securely optimize development at speed and scale. For more information, visit the Checkmarx website, check out the blog or follow the company on LinkedIn.

Media Contact

Katie Brookes

Merritt Group for Checkmarx

brookes@merrittgrp.com

Read More

Want to learn more? Here are some additional pieces for you to read.