Staying Ahead of Hackers: Protecting Mobile Apps & Detecting Malicious Packages – Asaf Ashkenazi, Jeff Martin – ASW #241
Learn how hackers are exploiting the trust that mobile app owners place in their customers. Hackers are increasingly modifying app code, posing as trusted customers, and infiltrating IT infrastructure.
This segment is sponsored by Verimatrix. Visit https://securityweekly.com/verimatrixrsac to learn more about them!
Unlike vulnerabilities, which can and do often exist for months or years in application code without being exploited, a malicious package represents an immediate threat to an organization, intentionally designed to do harm. In the war for cybersecurity, attackers are innovating faster than companies can keep up with the threats coming their way. A new approach is needed to stay ahead of the impacts of malicious packages within applications.
Findings from our latest report "Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities" illustrate the growing threat of malicious packages. From 2021 to 2022, the number of malicious packages published to npm and rubygems alone grew 315 percent.
Mend.io technology detected thousands of malicious packages in existing code bases. The top four malicious package risk vectors were exfiltration, developer sabotage, protestware, and spam. Nearly 85 percent of malicious packages discovered in existing applications were capable of exfiltration – causing an unauthorized transmission of information. Threat actors leveraging this type of package can easily collect protected information before the package is discovered and removed.
We’ll share why, as long as open source means open, the door will be left open to bad actors, so it’s especially critical to know when things are being brought into your code. Malicious packages represent an immediate threat, unlike vulnerabilities, and cannot be taken lightly.
This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to learn more about them!
Guests
Asaf Ashkenazi is Chief Executive Officer of Verimatrix. Asaf joined Verimatrix in 2018 and previously served as the company’s Chief Operating Officer. As CEO, Asaf leads the company’s ongoing business model transformation that focuses on recurring subscription-based revenue sources and new products. Offering a distinct mix of extensive cybersecurity technical expertise and management successes, he brings proven insights for market analysis, strategic partnerships as well as mergers and acquisitions. Asaf is a recognized security expert and routinely appears as a thought leader in industry publications around the globe – positioning Verimatrix as a top innovator that’s committed to providing the most powerful yet people-friendly protection for digital content, applications and devices. Prior to Verimatrix, he served as vice president of IoT security products at Rambus (NASDAQ: RMBS), led security products at Qualcomm (NASDAQ: QCOM), and held other engineering management positions at Freescale Semiconductor and Motorola (NYSE: MSI). Asaf is a former board member of the FIDO Alliance and holds 10 U.S. patents for security architectures as well as an engineering degree from Ben-Gurion University of the Negev.
Jeff has spent the last 20 years in Product roles helping both the organizations he worked for and their customers transform and measure their software risk management processes and practices. He especially enjoys cultural and mindset transformations for their ability to create lasting progress.