Tag Archive for: Supply Chain

Cybersecurity Predictions for 2023: Looking Ahead

The last few years have been difficult for all of us, and for many, 2022 unfortunately did not bring the reprieve we were hoping for. Not only did we experience ongoing supply chain issues and extreme staffing shortages, but we were forced to navigate soaring inflation and economic turmoil, as well as overall political unrest.

Alongside all these problems is the growth of cyberattacks, both on individuals and organizations—and this trend is expected to continue, with increasing frequency and sophistication. And while the pandemic accelerated the digital transformation trend, it has also created new opportunities for cybercriminals to attack.

Cybersecurity continues to be a major concern for corporate America. In fact, most of today’s security and risk leaders understand that if their organization incurs a successful cyberattack, it will cause momentous disruptions to business. While we continue to battle the ever-changing threat landscape, proper planning and effective solutions can be developed to reduce the potential risk and damage. The key is to be prepared for the road ahead.

Here are the four cybersecurity predictions we expect to see in the coming year:

Increased Measures for Ransomware

Given the continued rise of ransomware attacks on organizations, we expect to see an increase in the number of countries passing legislation to control payments, fines, and negotiations. This change will encourage organizations to be more proactive in their cybersecurity and ensure they follow proper procedures when an incident occurs.

With or without government involvement, it will become imperative for companies to employ solutions that help to prevent attacks. For example, in a 2021 White House cybersecurity mandate, multi-factor authentication (MFA) to secure access was named as an important preventative measure. Having an MFA tool is also a requirement of many of today’s cyber insurance policies in an effort to control points of exposure. In general, there will be more steps taken – both at the organizational and government levels – to help ensure we stay ahead of cybercriminals.

Supply Chain Attacks

The number of cyberattacks related to third-party vendors is undoubtedly on the rise. However, only a small percentage of security and risk managers are currently checking external vendors for security exposure.

As this trend continues, organizations will begin to make cybersecurity risk a determining factor in doing business with third parties. This will range from simple oversight of a critical technology vendor to complex due diligence for mergers and acquisitions. In fact, according to research from Gartner, by 2025, 60 percent of companies will use cybersecurity risk as a determining factor when conducting third-party business transactions and engagements.

Vendor Consolidation

Consolidation of security vendors will be another popular trend. Studies show that many CISOs have a high number of tools in their cybersecurity portfolio. Because purchasing a mix of tools from different security vendors can result in complex security operations and an increased requirement for security headcount, it is becoming vital to have fewer vendors and more consolidated solutions. And many single-vendor solutions offer better security effectiveness and efficiency for today’s businesses. As a result, organizations are creating strategies to unify their security toolset to reduce vendor fatigue and simplify their security operations.

Passwordless Authentication in Partnership with a Zero Trust Framework

Going passwordless and developing a Zero Trust framework, requiring rigid authentication to gain access to a system, will continue to grow in popularity in the coming year. In fact, studies show that more than half of the organizations surveyed already have a Zero Trust initiative in place, and more than 95 percent of organizations plan to embrace Zero Trust as a starting point for security in the next 12 to 18 months.

Additionally, passwordless authentication will help make the implementation of Zero Trust more effective in achieving a layered approach to security. By using this approach, instead of relying on just a password as a form of verification, organizations will depend on more secure authentication methods, such as biometrics and AI-powered verification. This takes into account numerous factors to grant, verify, or deny access.

Looking Ahead

Our world has changed enormously. Not only have businesses had to adjust to numerous ups and downs related to the pandemic, but they have had to adopt new technologies that support a different type of workforce. As we enter 2023, we must think about our security efforts and how we can continue to be vigilant about protecting our organizations against cybercriminals. We can use lessons learned not only to make cybersecurity predictions for 2023, but also to better help us manage risks and defend against the increasingly complex cyber threat landscape.

No matter what your cybersecurity plans are for the coming years, Proficio’s team of security experts is here to help. Our services help organizations mitigate cybersecurity risks, so you can be confident your networks are protected 24/7. To learn more about how Proficio can help your organization stay safe, contact us.

Codecov Breach

OVERVIEW | Codecov Breach

Supply chain attacks are far from new. We previously covered the SolarWinds attack, which may be the biggest software supply chain attack disclosed, as well as the most damaging supply chain attack to users. In more recent news, a new cyber-attack similar to the SolarWinds attack was discovered on a software testing platform – Codecov, which is a supplier of code management and audit solutions.

Codecov first discovered the attack on April 1st, disclosing this to the public on April 15th. However, investigations into the attack suggest that it first occurred months earlier, possibly as far back as January 31st, yet went unnoticed for several months. The adversary was able to gain access to Codecov’s Bash Uploader script using credentials stolen by exploiting an error in Codecov’s Docker image creation process. The adversary then replaced Codecov’s IP address within the Bash Uploader script with the adversary’s own IP address, rerouting the data to send information to the adversary instead of Codecov.

The altered version of the Bash Uploader script could potentially affect the following references from Codecov:

  • Any credentials, tokens, or keys that were passing through their CI runner that would be accessible when the Bash Uploader script was executed.
  • Any services, datastores, and application code that could be accessed with these credentials, tokens, or keys.
  • The git remote information (URL of the origin repository) of repositories using the Bash Uploaders to upload coverage to Codecov in CI.

Moving Forward

Proficio’s Threat Intelligence Team has been diligently researching the attack and how it may have affected our clients. There will be a continuous and ongoing effort to help ensure that all our clients are not being compromised by this campaign, through the following:

  • Gathering of IOCs and TTPs of the attack
    • Although no IP addresses of the third-party servers were disclosed to the public, our team is currently researching the TTPs to potentially identify traffic from data exfiltration attempts
  • Performing threat hunting in our client SIEMs over the past three months for potential exfiltration of data associated with the campaign
  • Documenting and investigating any potential incidents
  • Providing updates on threat hunting results to all Client Success Managers and Security Advisors, so they can alert clients, as applicable

General Recommendations

Given that the breach is newly discovered, there is still a lot of uncertainty as to how much damage it can bring to victim systems. As such, we always recommend that our clients keep their systems, and in this case their scripts, patched and up to date.

Clients that utilize Codecov as a service are strongly advised to work through Codecov’s recommendations and guidelines. Any Proficio clients who are unsure about log investigations should reach out to their assigned Client Success Manager or Security Advisor for the next steps.
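
One way a CI pipeline can guard against the kind of tampering described in the overview, where the upload destination inside a fetched helper script is swapped for another address: pin the script's digest and flag any URL host outside an allowlist before the script runs. This is an added example, not code from Codecov or Proficio; the function names, file names, the host `example.test` and the address `203.0.113.7` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Codecov's or Proficio's code). Gate a third-party CI helper
# script before it runs. File names, hosts and digests below are constructed.
# Assumes GNU coreutils (sha256sum), grep -E -o, sed and awk.

# verify_pin FILE SHA256: succeed only if FILE matches the digest pinned in the repo.
verify_pin() {
  [ "$(sha256sum "$1" | awk '{print $1}')" = "$2" ]
}

# foreign_hosts FILE ALLOWED: print each URL host in FILE that is neither
# ALLOWED nor a subdomain of it. Raw IP literals are always printed.
foreign_hosts() {
  grep -Eo 'https?://[A-Za-z0-9._-]+' "$1" \
    | sed -E 's#^https?://##' \
    | sort -u \
    | awk -v ok="$2" '$0 != ok && substr($0, length($0) - length(ok)) != ("." ok)'
}

# gate FILE SHA256 ALLOWED: 0 = run it, 1 = digest mismatch, 2 = unexpected destination.
gate() {
  verify_pin "$1" "$2" || { echo "digest mismatch for $1" >&2; return 1; }
  bad=$(foreign_hosts "$1" "$3")
  [ -z "$bad" ] || { echo "unexpected destination(s): $bad" >&2; return 2; }
}

# make_samples DIR: write a constructed "known-good" uploader and a copy whose
# upload destination was swapped for an IP literal (203.0.113.7, TEST-NET-3).
make_samples() {
  cat > "$1/uploader.good.sh" <<'EOF'
#!/bin/sh
# constructed sample, not the real Bash Uploader
curl -sS -X POST --data-binary @coverage.xml "https://uploads.example.test/v1/report"
EOF
  sed 's#https://uploads.example.test#http://203.0.113.7#' \
    "$1/uploader.good.sh" > "$1/uploader.tampered.sh"
}

# Demo: pin the good copy, then gate both files against that pin.
demo() {
  d=$(mktemp -d); make_samples "$d"
  pin=$(sha256sum "$d/uploader.good.sh" | awk '{print $1}')
  for f in good tampered; do
    gate "$d/uploader.$f.sh" "$pin" example.test && echo "$f: ok" || echo "$f: blocked ($?)"
  done
  rm -rf "$d"
}
demo
```

The digest check is what runs on every build; the host check matters most when a new version of the script is reviewed before its digest is re-pinned.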

Reference links

  • https://about.codecov.io/security-update/
  • https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/
  • https://www.reuters.com/technology/us-investigators-probing-breach-san-francisco-code-testing-company-firm-2021-04-16/
  • https://www.reuters.com/technology/codecov-hackers-breached-hundreds-restricted-customer-sites-sources-2021-04-19/
  • https://www.zdnet.com/article/codecov-breach-impacted-hundreds-of-customer-networks/
  • https://latesthackingnews.com/2021/04/26/codecov-breach-following-supply-chain-attack-affected-hundreds-of-networks/