What we can learn from the Codecov breach case


None of us are strangers to news of cyberattacks and security incidents with financially staggering repercussions, or of those that cause significant reputational damage.

The recent Codecov breach, however, a supply chain attack that went undetected for two months, marks a dangerous turn in the spate of attacks that also includes the SolarWinds breach.

With around 29,000 customers, including global companies such as Google, the Royal Bank of Canada, IBM and HP, Codecov was never the only target: compromising it exposed a customer base, and the build pipelines behind it, that most companies can only dream of laying claim to.

While investigations are still under way and new details are emerging, what is already clear is that software supply chains are more exposed today than they have ever been.

What we know about the Codecov breach so far

The intrusion dates back to the 31st of January this year. Nothing about it tripped the usual red flags: the modified script still did its job, and the only visible symptom was a checksum that no longer matched.

By exploiting an error in Codecov's Docker image creation process, the attackers extracted a credential that allowed them to modify the company's Bash Uploader script, into which they periodically inserted malicious lines of code.

The breach was only discovered on the 1st of April, when a customer noticed that the checksum of the Bash Uploader it had downloaded did not match the one Codecov published on GitHub.

As a result, information stored in Codecov users' continuous integration environments could be exported to a server outside Codecov's infrastructure, and it has since emerged that the threat actors went on to use the harvested credentials against other software vendors and technology services companies.

Companies named in the fallout include behemoth enterprises like IBM; HashiCorp disclosed that the GPG key used to sign its releases was exposed and rotated it.

The attackers also managed to:

  • Point the uploader at an IP address they controlled, so that customers' credentials were posted to the attackers' server on every build
  • Extract confidential data, including environment variables, usernames, security credentials, tokens and the URL of each repository's git origin
  • Use what they harvested to reach further resources, including data stored on the networks of other software vendors

What best practices can we adopt following this breach?

In response to the attack, Codecov has taken steps that most companies today can learn from. Apart from certain undisclosed mitigations, the company has rotated its internal credentials, set up monitoring and auditing so that an unreviewed change to the Bash Uploader cannot go unnoticed again, and engaged an external cyber forensics firm to audit its environment.

Beyond that, there are other strategies modern businesses can adopt so that their supply chains do not become the chink in the armour that opens their operations up to interference.

One of the biggest takeaways here is that we need to exercise greater diligence over the third-party resources, integrations and applications we introduce to our networks and systems. The Bash Uploader was typically fetched with curl and piped straight into bash on every build, so any change upstream ran unreviewed in thousands of pipelines.

Another worthwhile practice is taking a more thorough look at the non-human identities in our networks, such as service accounts, CI runners and build tokens, which generally go unprotected and unsupervised. Here, access management and continuous monitoring can go a long way in keeping your ecosystem secure.

Another way to go the extra mile for supply chain security is to monitor your build processes themselves. Doing so makes it far easier to spot unauthorised code changes, anomalies and other suspicious activity.
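As an added example serving both the third-party diligence point and the build-monitoring point above (this is not Codecov's code or its current uploader), here is how a pipeline can pin a vendor script to a known SHA-256 and refuse to execute a downloaded copy that does not match. A checksum mismatch is exactly what exposed the real incident, but there it was spotted by a customer by hand, two months late. The file names, the stand-in "uploader" scripts and the pinned value are constructed for the demonstration, so it runs offline; in a real pipeline the file would come from `curl -fsSL "$URL" -o "$file"` and the pin from the vendor's published checksum.

```shell
#!/usr/bin/env bash
# Added example, not Codecov's code: pin a third-party CI script to a known
# SHA-256 and refuse to run it when the copy we fetched does not match.
# The "uploader" scripts below are constructed stand-ins written to a temp
# directory so the example runs offline.
set -eu

# sha256_of FILE -> prints the hex digest (coreutils sha256sum or perl shasum)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_run FILE EXPECTED_SHA256 [ARGS...]
# Executes FILE with bash only if its digest equals EXPECTED_SHA256.
# Returns 1 and runs nothing on a mismatch (fail closed), so a tampered
# script is rejected on the first build that pulls it, not months later.
verify_and_run() {
  local file expected actual
  file="$1"; expected="$2"; shift 2
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "integrity check FAILED for $file" >&2
    echo "  pinned: $expected" >&2
    echo "  actual: $actual" >&2
    return 1
  fi
  bash "$file" "$@"
}

# --- demonstration with constructed files ---
work="$(mktemp -d)"

# Constructed stand-in for a vendor uploader script at the reviewed version.
printf '#!/usr/bin/env bash\necho "uploading coverage report"\n' > "$work/uploader.sh"

# Record the pin once, at review time, and commit it next to the pipeline.
PINNED_SHA256="$(sha256_of "$work/uploader.sh")"

# Build 1: the fetched copy matches the pin, so it runs.
if verify_and_run "$work/uploader.sh" "$PINNED_SHA256"; then
  echo "build 1: uploader accepted"
fi

# Build 2: a line has been appended upstream. In the Codecov incident the
# injected line posted the output of `env` to an external server; here the
# appended line is a harmless placeholder, and it never executes anyway.
printf 'echo "this line was not in the reviewed version"\n' >> "$work/uploader.sh"
if verify_and_run "$work/uploader.sh" "$PINNED_SHA256"; then
  echo "build 2: uploader accepted (should not happen)"
else
  echo "build 2: uploader rejected, pipeline stops here"
fi

rm -rf "$work"
```

The pin has to be refreshed deliberately, through a reviewed change to the pipeline, whenever the vendor ships a new version; that friction is the point, because it turns "whatever is at the URL today" into "the version somebody on the team actually looked at". Pairing the pin with a vendor-published signature adds a second check that the published checksum itself was not swapped.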

Within those CI/CD pipelines, make sure you are incorporating SAST and DAST checks, and automate your scanning and monitoring wherever tooling allows, so that checks run on every build rather than when someone remembers.

Moreover, effective and systematic secrets management, including the right software, helps you store, scope and rotate sensitive material such as SSH keys, encryption keys, API tokens and passwords. In this incident everything held in an affected CI environment variable was exposed, which is why Codecov asked affected users to re-roll every credential, token and key that had passed through their CI.
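As an added example, again not Codecov's or any vendor's code: a shell wrapper that starts a third-party CI step with an empty environment plus only the variables it is explicitly given, so that a coverage uploader sees its own token and nothing else. The credential values are placeholders constructed for the demonstration, and `secret_names` is a small helper written here, not a standard tool.

```shell
#!/usr/bin/env bash
# Added example, not Codecov's code: hand a third-party CI step only the
# variables it actually needs. A coverage uploader needs its own token and
# nothing else; cloud keys and deploy tokens in the same job should be
# invisible to it, so a tampered uploader that ships `env` off-box gets
# almost nothing.
set -eu

# run_isolated NAME=VALUE ... COMMAND [ARGS...]
# env -i starts COMMAND with an empty environment; we add back PATH and HOME
# so tools still work, plus whatever explicit NAME=VALUE pairs the caller passes.
run_isolated() {
  env -i PATH="$PATH" HOME="${HOME:-/tmp}" "$@"
}

# secret_names: reads `env` output on stdin and prints the variable names that
# look like credentials, sorted and space-separated (helper for the comparison).
secret_names() {
  cut -d= -f1 | grep -E 'TOKEN|SECRET|KEY|PASSWORD' | sort | tr '\n' ' ' | sed 's/ $//'
}

# --- demonstration with constructed placeholder credentials ---
# A real runner gets these from the CI system; the values here are placeholders.
export AWS_SECRET_ACCESS_KEY="placeholder-not-a-real-key"
export NPM_TOKEN="placeholder-not-a-real-token"
export CODECOV_TOKEN="placeholder-not-a-real-token"

# inherited_view: what a step that runs `env` can read when it inherits the
# runner's whole environment (this is what the tampered uploader exported).
inherited_view() { env | secret_names; }

# isolated_view: the same step, given only the one variable it needs.
isolated_view() { run_isolated CODECOV_TOKEN="$CODECOV_TOKEN" env | secret_names; }

echo "inherited step sees: $(inherited_view)"
echo "isolated step sees:  $(isolated_view)"
```

Running it prints every credential-looking name in the runner's environment for the inherited step and only CODECOV_TOKEN for the isolated one. In GitHub Actions the same principle is setting secrets in the step's own `env:` block rather than the job's. This limits the blast radius rather than preventing the compromise: a tampered script can still leak the one token it was handed, so a scoped, short-lived token plus the rotation Codecov recommended still matter.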

Creating a more secure business environment through the latest vendor risk management (VRM) best practices

Given the rate at which malicious actors launch their attacks and the sophistication of the tooling we are seeing emerge, incidents like this one are an unfortunate side effect of operating in today's market.

Despite this, learning from the incidents that do occur and tightening our networks, practices and systems accordingly goes a long way in helping us adapt to the risks as they unfold.

Now more than ever, investing in supply chain security systems and resources, including integrated risk management platforms, pays off in keeping our businesses secure.