Toolkit ‘tackles common scenarios’ and can evolve to detect emerging attack variants

An open source toolkit designed to detect and thwart dependency confusion attacks was unveiled at Black Hat Europe 2021 yesterday.

Developed by DevSecOps vendor Apiiro, Dependency Combobulator can be embedded within the software development lifecycle (SDLC) and CI/CD workflows, detecting malicious packages at the SDLC’s commit, build, or release phases.

The modular, Python-based framework gives application security practitioners a means to evaluate releases against package management schemes and sources including GitHub Packages and JFrog Artifactory.

Dependency confusion attacks

Dependency confusion – or namespace confusion – attacks poison the open source software ecosystem by duping developers and automation systems into installing malicious dependencies that imitate legitimate packages.

Attackers discover legitimate software packages’ internal-facing dependency references before building a malicious package and uploading it to a public registry with the same name as a targeted privately hosted package.


RELATED Open source ecosystem ripe for dependency confusion attacks, research finds


The attack technique was pioneered by security researcher Alex Birsan. Disclosed in February 2021, his proof-of-concept attack resulted in “tens of thousands of callouts from different endpoints”, many belonging to Fortune 500 companies, Moshe Zioni, VP of security research at Apiiro, told attendees watching on Black Hat Europe’s Arsenal track yesterday (November 10).

Many similarly constructed but malicious attacks have followed, including one that prompted the NPM Registry and Python Package Index (PyPI) to remove thousands of rogue packages in March.

Adapting to emerging variants

Out of the box, Dependency Combobulator currently supports the NPM and maven package management schemes, but Apiiro says it will readily accommodate the addition of other package management systems.

“It’s part of our philosophy [that the tool is] easy to understand, modify, and expand – especially if you have something custom-made or a package manager that is not currently available as an option,” explained Zioni.


Catch up with our latest Black Hat Europe 2021 coverage


The researcher said the toolkit can “tackle common scenarios, which can be diverse”, and be adapted to detect emerging attack variations. “If you see other heuristic profiles you want to submit this will be very easy to implement,” he added.

Currently, MetaPackage, which instantiates package representation that is then scrutinized by the heuristics engine, can incorporate properties such as whether a package exists on a registry; if it’s forked; download count; a stability, quality or security score given by the registry; last time to upload; version(s); and publisher names.

The abstract model will at some point be enriched with additional security properties, said Zioni, while the range of sources and registries will be expanded.

The researcher invited the open source community to suggest new features and other improvements. “We would like to bring more and more value to more and more people,” he said.


DON’T FORGET TO READ Linux community project aims to tackle dependency confusion attacks with easy code signing, verification