As Malicious Open Source Packages Proliferate, Checkmarx Announces Supply Chain Threat Intelligence for Faster, Easier Identification of Potential Threats

First-to-market open source threat intelligence API reveals adversarial tactics, techniques and procedures (TTPs), incorporating the 150,878 malicious packages discovered by Checkmarx Labs in 2022 and offering constant updates

ATLANTA, GA – January 31, 2023 – Checkmarx, the global leader in developer-centric application security solutions, announced today the immediate availability of Supply Chain Threat Intelligence™, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

Based on proprietary research by Checkmarx Labs, Supply Chain Threat Intelligence offers:

  • Identification of malicious packages by attack type such as dependency confusion, typosquatting, chainjacking and more
  • Assessment of contributor reputation through identification of anomalous activity within open source packages
  • Intelligence on the malicious behavior of packages, including static and dynamic analysis to understand how the code runs
  • A data lake that enables the ongoing analysis of packages long after they’ve been deleted from package managers, with over a million packages scanned per month

“In 2022, Checkmarx researchers exposed some of the most prolific open source attack groups, including RED-LILI and Lofygang,” said Checkmarx CEO Emmanuel Benzaquen. “Given the dramatic proliferation of malicious open source packages from organized attack groups, we’re pleased to empower security stakeholders by revealing adversarial motives, tactics, techniques and procedures in a constantly updated intelligence feed.”

Checkmarx’ Supply Chain Threat Intelligence incorporates the industry’s most complete threat intelligence research and employs machine learning, retro hunting, and cross-language hunting to identify even emerging threats.

How Supply Chain Threat Intelligence works

Checkmarx Supply Chain Threat Intelligence is delivered as an application programming interface (API) that is simple to integrate into many dashboards and development environments. Users obtain a unique token from Checkmarx, send in a package name and version, and receive threat intelligence on that package.

The API helps developers and security professionals:

  • Quickly and easily identify potential threats in open source packages
  • Better understand the threat actor’s decision-making process
  • Perform bulk queries to efficiently receive intel on large numbers of packages at once
  • Stay ahead of cyber threats with real-time updates and alerts on new and emerging risks
  • Gain valuable insights and context on detected threats to inform security decisions
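One way a consumer would wire a lookup of this kind into a build step, as an added example that is not drawn from the announcement and is not Checkmarx’s own client code: the real API’s endpoint and request/response formats are not described here, so the `lookup` function is injected, and `SAMPLE_FEED`, `sample_lookup` and every package name and version in them are constructed assumptions. The attack types in the sample responses are the ones the announcement names. The example also shows the bulk-query pattern from the list above (batching a pinned requirements file) and treats packages the feed has never seen as “unknown” rather than clean.

```python
"""Consumer-side integration of a package threat-intelligence lookup.

Added example, not Checkmarx code. The announcement only says that a
client obtains a token, sends a package name and version, and receives
threat intelligence back, and that bulk queries are supported; the real
endpoint and message formats are not published here, so `lookup` is
injected and `SAMPLE_FEED` is a constructed stand-in.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple

PackageKey = Tuple[str, str, str]          # (ecosystem, name, version)
LookupFn = Callable[[str, List[PackageKey]], Dict[PackageKey, dict]]

# Constructed sample feed. The attack types are the ones the announcement
# names; the package names and versions are invented for illustration.
SAMPLE_FEED: Dict[PackageKey, dict] = {
    ("pypi", "requets", "1.0.0"): {"verdict": "malicious", "attack_type": "typosquatting"},
    ("pypi", "acme-internal-utils", "9.9.9"): {"verdict": "malicious", "attack_type": "dependency confusion"},
    ("npm", "left-padd", "2.1.0"): {"verdict": "malicious", "attack_type": "chainjacking"},
    ("pypi", "requests", "2.28.2"): {"verdict": "benign", "attack_type": None},
}


def sample_lookup(token: str, batch: List[PackageKey]) -> Dict[PackageKey, dict]:
    """Stand-in for the authenticated bulk query (hypothetical; runs offline).

    A real client would send the batch to the vendor API with the token;
    here the constructed feed is consulted instead. Packages the feed has
    never seen come back as "unknown", not "benign": absence of a verdict
    is not a clean bill of health.
    """
    if not token:
        raise PermissionError("a vendor-issued token is required")
    unknown = {"verdict": "unknown", "attack_type": None}
    return {key: SAMPLE_FEED.get(key, unknown) for key in batch}


@dataclass(frozen=True)
class Finding:
    ecosystem: str
    name: str
    version: str
    verdict: str                  # "malicious", "benign" or "unknown"
    attack_type: Optional[str]


def parse_pinned_requirements(text: str) -> List[Tuple[str, str]]:
    """Parse 'name==version' lines (pip requirements style).

    Only exact pins are accepted: a verdict is per package version, so an
    unpinned dependency cannot be meaningfully looked up.
    """
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned dependency, cannot look up a version: {line!r}")
        name, version = (part.strip() for part in line.split("==", 1))
        deps.append((name.lower(), version))
    return deps


def assess(deps: Iterable[Tuple[str, str]], lookup: LookupFn, token: str,
           ecosystem: str = "pypi", batch_size: int = 100) -> List[Finding]:
    """Query the feed in batches and return one Finding per dependency."""
    keys = [(ecosystem, name, version) for name, version in deps]
    findings: List[Finding] = []
    for start in range(0, len(keys), batch_size):
        batch = keys[start:start + batch_size]
        results = lookup(token, batch)
        for key in batch:
            result = results.get(key, {"verdict": "unknown", "attack_type": None})
            findings.append(Finding(*key, result["verdict"], result.get("attack_type")))
    return findings


def should_block(findings: Iterable[Finding], block_unknown: bool = False) -> bool:
    """Gate decision for a CI step: any malicious verdict fails the build.

    block_unknown=True turns the gate into an allow-list, the stricter
    posture for internal-namespace packages exposed to dependency confusion.
    """
    blocked = {"malicious"} | ({"unknown"} if block_unknown else set())
    return any(f.verdict in blocked for f in findings)


if __name__ == "__main__":
    # Constructed requirements file: one real-looking pin, one typo, one internal name.
    requirements = "requests==2.28.2\nrequets==1.0.0  # one letter off\nacme-internal-utils==9.9.9\n"
    found = assess(parse_pinned_requirements(requirements), sample_lookup, token="example-token")
    for f in found:
        detail = f" ({f.attack_type})" if f.attack_type else ""
        print(f"{f.name}=={f.version}: {f.verdict}{detail}")
    raise SystemExit(1 if should_block(found) else 0)
```

Run as a script it exits non-zero when any pinned dependency has a malicious verdict, which is the behaviour a CI gate wants; swapping `sample_lookup` for a function that performs the real authenticated call is the only change needed to move from the constructed feed to a live one.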

“Our Checkmarx Labs supply chain security team discovered 150,878 unique malicious packages in 2022 alone,” said Erez Yalon, VP of security research at Checkmarx. “We’re seeing attackers continue to strike and publish malicious packages even after they’ve been reported. They simply create new sock-puppet accounts and nothing stops them from doing so. Their relentless malicious behavior and the increasing velocity of new malicious package releases have led us to share our threat intelligence to help keep the open source ecosystem safe.”

To learn more about Checkmarx Supply Chain Threat Intelligence, visit the Checkmarx website.

About Checkmarx

Checkmarx is constantly pushing the boundaries of application security to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec leader, Checkmarx offers the industry’s most comprehensive AppSec platform, Checkmarx One, which provides developers and security teams with unparalleled accuracy, coverage, visibility and guidance to reduce risk across all components of modern software, including proprietary code, open source, APIs and infrastructure as code. Over 1,800 customers worldwide, including U.S. public sector agencies and nearly half of the Fortune 50, trust Checkmarx security technology, expert research and global services to securely optimize development at speed and scale. For more information, visit the Checkmarx website, check out the blog or follow the company on LinkedIn.

Media Contact

Katie Brookes

Merritt Group for Checkmarx
