Rapid7 Says Source Code Accessed In Codecov Supply Chain Breach

By   ISBuzz Team
Writer , Information Security Buzz | May 17, 2021 02:43 am PST

BACKGROUND:

Cybersecurity company Rapid7 acknowledged that due to a breach of software supplier Codecov, its source code was accessed by attackers. Hashicorp, Confluent, and Twilio have previously confirmed their code was similarly impacted by the Codecov breach.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Roger A. Grimes
Roger A. Grimes , Data-Driven Defense Evangelist
May 17, 2021 10:47 am

<p>Rapid7 is just the latest computer security company in the headlines for being compromised for one reason or another. Computer security companies are just regular companies. Some have better security than other companies, some not so much. I remember the first time a company I worked for did a security review of the source code of a far larger, very popular security company that nearly the whole world used at the time. You would think that their source code would be tight, error free. Instead, it had hundreds of security vulnerabilities. Simple, easy-to-see, security vulnerabilities. Just because you’re a security company or make a security product doesn’t impart some special magic that they will be better secured than any other company, although I’m sure most customers think it’s an unspoken obligation. But realistically, all customers need to hold their vendors to the highest possible security controls and practices possible. Don’t assume jus because they are a computer security company that they do their own internal security better than most companies, because you’d be surprised how often that is not true. With all of that said, Rapid7, like FireEye, is getting caught up in a supply chain attack method that is difficult to prevent from the customer-perspective.</p>

Last edited 2 years ago by Roger A. Grimes
Garret F. Grajek
May 17, 2021 10:45 am

<p>This hack of Codevoc shows us that the Supply Chain hack that affected SolarWinds and their customers is not a fluke. Until we have a system that can validate all software before it’s installed, we have to ensure that we follow best practices in the enterprise. We know the behaviors that the malware will attempt. They include lateral movement, privilege escalation and communication back to a command-and-control center – either for crypto-locking or exfiltration. It is imperative to mitigate attacks at these crucial steps. Zero Trust principals are recommended for an architecture to mitigate later movement and communication to malicious C2s. Privilege escalation must be addressed by a virtually fanatical approach to detection in accounts – this should include both ongoing and triggered access reviews on privilege accounts and groups.</p>

Last edited 2 years ago by Garret F. Grajek

Recent Posts

2
0
Would love your thoughts, please comment.x
()
x