Socket detected the Axios NPM supply chain hack in six minutes — and 2,000 orgs signed up in 24 hours
Apr 8, 2026 · Full transcript · This transcript is auto-generated and may contain errors.
Featuring Feross Aboukhadijeh
Speaker 1: Khadija. I hope I pronounced that correctly. What? The problem. Is that right?
Speaker 7: So we can ask him. Yeah. We can ask him. Socket detected the malicious update within six minutes, and we are lucky to have Feross join us. What were you guys doing for the The six minutes. Minutes. So sleep at the wheel? No. I'm kidding. No. No. No. We're definitely not asleep at the wheel. Good. It it takes time to download packages, scan them, put them through our battery of tests. Yeah. So I think six minutes is actually pretty good. No. It's
Speaker 1: fantastic. I'm just But but, yeah, maybe zoom out and tell us about like the actual process that Socket runs, your business, how the system works, and how you're able to detect supply chain hacks and cybersecurity threats so quickly.
Speaker 7: Yeah. Totally. So so Socket was among the first to detect and report on this incident. Mhmm. We built a system that, you know, goes out and downloads every open source package in existence within a few seconds. So we support about 19 ecosystems and this includes really all sorts of third party code that might be used to build applications today. It includes things like your AI models, your open source dependencies, even your editor extensions, your Chrome extensions, like really any code coming from third party sources. And we put it through a battery of really intense static analysis, maintainer behavior analysis, and then of course a bunch of AI and then human researchers as well. And we we try to help kind of make a determination. Is this something safe that you want to use, you know, within your application or within your organization?
Speaker 1: Yeah. So can you can you talk about the shape of the threat that was posed by the Axios supply chain attack? Like because there's a wide range of, you know, zero day exploit that gives you full access to someone's device or computer or system all the way to just something that, okay, it would crash if this was if this exploit was used. Right?
Speaker 7: Mhmm. Yeah. I mean, maybe we just start from the beginning and summarize the attack for folks. Yeah. So I mean, there's a North Korean state actor that socially engineered the lead open source maintainer of the Axios package. Mhmm. And it was honestly quite a sophisticated and impressive effort. They posed as a founder of a fake company. They created a fake Slack workspace, invited this know, invited the maintainer to join it. Yeah. They staged a fake Microsoft Teams call, and the the website was made just incredibly compelling. They used the official SDKs from Microsoft Teams to create like really realistic components in the page. Oh. They joined the call and, you know, by the way, is oh, they also developed a relationship over the course of, you know, weeks. Right? So this wasn't like a like a, you know, a situation in which you would expect to be on guard or on defense. Yeah. And at some point in the call, the call just cuts out and the the browser says, hey, you know, you gotta install an update. And it gives them a binary file that they're, you know, to install. And so this, you know, this maintainer thinks, okay, guess I, you know, guess I got to install this update real quick so I can get back into the call. And it turns out that's how they compromised, you know, their device. So you know, it's it's not just like, you know, a a phishing link or something like I mean, this was a targeted attack. They also targeted me and a bunch of people at our company as well. So they targeted a whole bunch of the top NPM maintainers who, you know, have access to a lot of packages. Interesting.
Speaker 1: Then then in terms of once they get control over, they phish a particular credential, a particular device for a developer who has access to push changes to a package like Axios, what are they actually changing in Axios to create a vulnerability in the supply chain, in the software supply chain?
Speaker 7: Yeah. So they publish poisoned versions of the package that silently install what's called Remote Access Trojan, which is basically a way for the attacker to just remotely control your your device and and basically do whatever the attacker wants. It's like they're sitting in front of your computer on the keyboard, you know, typing whatever they want onto your onto your system. Yeah. And it it what they did what they did with it was they kind of pulled all the, you know, most interesting files and credentials off the system. So things like if you have a crypto wallet, like they're taking the keys for that, they're going to definitely want the crypto. Yeah. If you got, know, if you're logged into NPM, right, they pull those credentials so they can spread like as a worm and kind of continue to infect the next set in the attack. Right? So it's it's actually like this self replicating kind of cycle where they they get these credentials and then they use them to go on to the next stage. Mhmm. And, you know, yeah. And then, you know, this is I mean, the thing I think I want to emphasize here for people is this isn't just an isolated incident because this has been kind of the the the most recent blow in this kind of series of of compromises and attacks against the software supply chain that has been happening really over over the last six months in a really intense manner. Yeah. And we've seen it really pick up in the last month Yeah. With with with Team PCP compromising Aqua Security and the Trivy scanner, and then they that cascaded into LiteLLM being compromised. Another security company Checkmarx was compromised.
Speaker 2: Yeah. What happened with LiteLLM and and how like, do do you have a good sense of how that contributed to the breach at at Mercor?
Speaker 7: So it's it's part of the campaign of Team PCP, so they dropped the same kind of self propagating worm called canister worm into the package. And what you have to realize is once you run a compromised open source package on your system, you know, you kind of have to rotate all your credentials, like all your tokens and keys and and passwords, and and it's a really hard thing to do very thoroughly and very completely. And so I think that we're going to see a a long tail over the next, you know, probably twelve months of follow on attacks from this from this set of compromises. Mhmm. Because the group claims Team PCP claims that they've stolen 300 gigabytes of compressed credentials. Yeah. So that's, you know, that mean, think about that. 300 gigabytes of stolen Yeah. Passwords, API keys, GitHub action tokens. I mean, they they're sitting on so much. It's like a gold mine in terms of, like, what's gonna what's gonna follow on from this. So I think it's it's not surprising that,
Speaker 1: you know, that you're seeing companies affected. Right? Yeah. So why why the boom in the last six months? Is it it feels like it must be tied to vibe coding or or AI agents. Is this that they have more powerful tools so they're able to do more damage, or is it because our systems are getting weaker because we're pushing more vibe code to production? Is it both? Like, what are what what got us to this place where we see this takeoff in cybersecurity threats?
Speaker 7: Yeah. Well, you're absolutely right. It's definitely become a top concern. I think we're we're hearing at a lot of our customers and prospects that are contacting us that this has now become a board level concern. Yeah. You know, everybody is asking how are we not gonna be affected by the next one. Yeah. So I would say that, you know, fundamentally, like if you really zoom out and ask why is this a pro like why is this happening? Yeah. It's because the whole software supply chain is built on blind trust. Yeah. I mean, you're downloading code from random people on the Internet that you've never met. You don't know who they are, and you're like, let's just run it, right? Like, let's just hit run and like, I hope it's fine, you know, I hope hope it's good, you know, and I'm going give it full access to my system, right? Yep. No permissions model, right? No review, and I mean, no one looks at the code, right? Yeah. Before they run it. And unlike an iPhone app or, you know, mobile phone app where it has to ask for permission to do sensitive things like access your camera or your microphone or your location or your contacts or your files, right? Open source packages just get everything, you know? You just run them, they get everything. So, you know, also there's this asymmetry in security and this has always been true. So this is, you know, kind of more of the bigger picture. You know, part of the bigger picture here is that defenders have a much harder job than attackers because they have to guard against really all the ways that you can possibly get attacked, and the attacker has to just find one way in. Right? So it's asymmetric, and and so when attackers realize, hey. Look. You know, open source, the way that companies use it has changed in the last decade. We no longer use, you know, just a handful of components like WordPress, Apache, PHP, you know, these kinds of big components. 
We actually pull in, in some cases, it's like a thousand open source libraries just to get Hello World to show up on the screen. Right? Yeah. It's crazy the diffusion in the number of these things. Yeah. So, you know, they realize, look, I could just attack one of these things, one of these libraries, and I can get into a company, like, that's so much easier than attacking head on and trying to hack the company directly, right? I can find one of you know, and we have customers, by the way, they have five hundred five hundred thousand plus open source components in their environment. So just think about that. Right? Any one of those is a way into the company. Yeah. Right? Yeah. The funniest package is is even. It just tells you if a number is an even number it's and it has one dependency is odd because it's it's it's a Everybody loves the title stack. Exactly. It's a great example. Tell
Speaker 1: me more about the shape of your business. I mean, seems like you're getting a lot of calls from companies and boards. Like, what does it look like to work with you? How are you plugging into companies? Or do you have a do you have a business line around going and hunting bug bounties? Like, how
Speaker 7: should I think about the the business of Socket these days? Yeah. Well, look, people contact us when they want to get their software supply chains under control. Right? So right now, what that looks like is companies that are deploying AI agents and AI coding assistants across their companies have one big question in their mind, which is, you know, how do I know what my agents are doing? Yep. How do I know what my developers are doing with those agents? Yep. And that is the the problem that we help them get under control. Mhmm. So the way to think about Socket is we are a software supply chain defense company. Right? We protect your software supply chain. So when an AI agent is making a decision to go and install something in order to accomplish the task that's been given to it, you know, it will go through Socket first. So we are the guardrail to ensure that no malicious components get installed. And if you take a concrete example, Axios, the attack we've been talking about, that malicious package was live for about three hours. Meaning, you know, anyone who was asking their agent like, hey, go build me whatever, right? Doesn't matter what. One of the first things it's probably going to grab it because it needs to do HTTP requests. It's going say, oh, Axios, right? Yep. And, you know, so the question is how do we, before that gets taken down, right, before the or even before the community is aware, how do we defend our organizations and our applications from those those packages that have had these implants, right? And, you know, and yeah. It's it's really top of mind for people. I would I would say it's it's kind of become like a, you know, number one concern for CSOs and for boards. Yeah. Has What what what is your view on
Speaker 2: cybersecurity as a category? I think a lot of you know, we we've talked to people on air, off air that were surprised of of about the sell off in in cyber due to to LLMs just because LLMs themselves are creating all these new threat vectors, and so there was kind of a a disconnect there. But what is your sort of more general outlook on the category?
Speaker 7: I think in the short term, security is going to get worse. It's going get harder. So I think actually, I think the, you know, the answer is really the opposite. Like, and products and, you know, things like Socket are actually more needed than ever before. You know, with with Mythos coming out yesterday, you know, that's going to find a ton of vulnerabilities and, you know, it's finding vulnerabilities all across the software supply chain. And so, you know, the you know, I think, you know, more vulnerabilities discovered means there's more urgency to fix the ecosystem and it becomes it goes from being, you know, a lower priority on people's lists to a higher priority. And so I think, you know, the short to medium term effect is going be massive awareness. It's going to be supply chain security becoming more top of mind for everybody. That's obviously great for us as a business, great for the ecosystem because I think it's hard to invest in things and get justification for budget if you're a security leader, if you don't have, you know, a fire or an emergency to point to. And so this this really helps there. I think longer term, you know, we have to see. I think, you know, ultimately, I think AI solves the asymmetry problem that we were talking about earlier because for the first time, defenders now have an infinitely scalable army of AI agents doing their bidding and doing continuous security analysis, and that's all work that would have been way too expensive or impractical for their humans to do before. And so the attacker's advantage of only needing to find one way in starts to erode when the defender has the ability to kind of continuously audit everything. And so I think longer term, once we get through this rough period, I actually am very optimistic about, you know, security improving. 
But one thing I will say is, you know, with security, one of the reasons I love the field and why it's such an exciting field to be in is that, you know, it's it's a cat and mouse game. So you're it's a dynamic system. So it's not like, you know, architecture or bridge building where, you know, you you learn the the rules of physics and you know how to build a bridge that's going to, you know, withstand gravity and these forces that don't change. In security, the minute you think you've got things under control, the attacker evolves, the attacker switches their strategy and they have access to the same AI tools that the defenders have. And so it's really a field that is, I think, always going to be growing and always going to be a great business to be in.
Speaker 2: Has a cybersecurity company ever got caught, like, sort of LARPing as a hacker group in order to drive demand? You know, sort of like hacking a a popular company in order to drive demand for their product because you said you said CISOs oftentimes need to be able to point at a fire to to justify budget. You
Speaker 7: know, that's super funny you asked because that was always the conspiracy theory that folks had about anti virus companies back in the nineties and the in the February was that they were the creators of the viruses, so they could sell you the anti viruses. Yeah. You know, but
Speaker 2: Create the problem, sell the solution. Yeah.
Speaker 7: I mean, you know, I I think I think that I'm not aware of any companies getting caught doing that. I think there's enough bad guys out there that have realized the opportunity sitting there in plain sight that I don't think that, you know, it it you gotta go to the go to conspiracy theories to kind of explain why attack hat needed. Yeah. No Tim Pool hat needed. Yeah. I mean
Speaker 1: How do you think about the these economic impact assessments? When Axios, I feel like everyone jumped on it very quickly. Andrej Karpathy shared that he he didn't have the repo pinned, but he hadn't updated so he was able to dodge it for that three or six hours. Right? So a lot of people got lucky, but do we have an idea of, like, the actual toll that that particular attack had? Because it felt like the number could have been very huge, but a lot of people were able to get to it fast enough that there wasn't necessarily a massive crypto breach or a massive PII breach. But do you have an idea of like how the industry is thinking about the size of the and the scale of the economic impact?
Speaker 7: Yeah. Well, I don't have an economic dollar amount for you. But Yeah. If you look at the number of downloads per week of this package, it's a 100,000,000 weekly downloads. Right? Yeah. That, you know, you figure you do the math on that and you figure out like what does that mean across the three hour window? I mean, you're you're talking hundreds of thousands of people who installed it and that's, you know, across CI/CD environments, local laptops, that stuff that's been shipped into production. If you take, you know, another metric would be, you know, how many folks have reached out to Socket, you know, in the in the twenty four hours following that attack to become a customer and make sure that, you know, they could use our tools to assess whether they were affected and to protect themselves for future attacks. We had almost 2,000 organizations sign up for an account in a in a a twenty four hours Yeah. Yeah. Which, you know, to put in perspective, it's a, you know, it's a significant percentage of of all, you know, our our full user base. So, know, I think this is very very widespread. And this is the thing about the supply chain, right, is like Yeah. It's really not a matter of like if you're going to get hit. When you're talking about these very, very widely deployed dependencies and, you know, including even some of my own code, right? I know I have these, you know, you picked on is even, you know, I have some code that is similar to that, a little bit less less outrageous of an example, but, you know, and and and it's in it's in every it's in, you know, probably almost every Node.js app and that's just how that's just how the supply chain works today. So Yeah. It's it's really
Speaker 1: not surprising that, you know, everyone is going to get hit by this eventually. Right? Yeah. Well, thank you for coming on the show and breaking it down for us. Yeah. Really appreciate everything you're doing. It seems more important than ever. And so have a great rest of your week. Come back on soon. We'll talk to you soon. Yeah. Thanks, guys. Goodbye. Up next, we have Kasim Mathani from Depth First announcing a big round. Company also launched its first in house model, DFS Mini one, focused on vulnerability detection and smart contract. We'll bring Kasim into the TV panel. Are you doing? Hey, guys. Doing well. Thank you for having me. Of course. Good to see you. Nice step and repeat behind you. Are you at an event or is this just your normal background?
Speaker 6: This is like, our my background. Amazing. We we had like an amazing event with the mayor of San Francisco and we got this for for that. That makes sense. Well, since it is your first time on the show, please introduce yourself and and the company. Yeah. My name is Kasim Mitani. I'm one of the cofounders of DevFirst. We are building intelligence discover triad gen immediate vulnerabilities at scale in an enterprise environment. We just raised a $80,000,000 series b round from Veritech.