News, news analysis, and commentary on the latest trends in cybersecurity technology.

Checkmarx Launches Threat Intelligence for Open Source Packages

The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain.

Dark Reading Staff, Dark Reading

January 31, 2023

1 Min Read
screen of source code, most likely javascript.
Source: maciek905 via Adobe Stock Photo

Software supply chain attacks where attack groups are tricking software developers into integrating malicious open source components into their applications are on the rise. To help developers identify malicious packages, Checkmarx has launched Supply Chain Threat Intelligence, an API that delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, and malicious behavior.

Checkmarx says it identifies malicious packages by attack type, such as dependency confusion, typosquatting, and chainjacking. And contributor reputation is calculated by analyzing anomalous activity within packages.

Supply Chain Threat Intelligence is based on threat intelligence research by Checkmarx Labs and includes the 150,878 malicious packages the group discovered in 2022, the company says. Checkmarx then employs machine learning, retro-hunting, and cross-language hunting to identify emerging threats. The company also uses static and dynamic analysis to understand how the code in the package runs.

Security works best when it is part of the developer workflow. Checkmarx says Supply Chain Threat Intelligence integrates with widely used developer tools and environments. The developer obtains a unique token from Checkmarx, sends in a package name and its version number, and receives threat intelligence on the desired package. The developer then has information on what the package does, whether the package is considered malicious, and the reputation of the developer associated with the package.

Reporting packages don't stop attack groups, as they create new sock-puppet accounts and continue publishing them, Checkmarx says. The company maintains a data lake of all the packages scanned so that the team can continue analyzing them even after they have been deleted from package managers, the company says. This can help link multiple packages to the same threat actor or uncover patterns over time.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights