Inside The CodeCov Data Breach

Codecov is the name of an online software testing platform and reporting tool that inserts coverage metrics into CI (continuous integration) workflows. In essence, it’s there to help find coding problems. The company’s tools are widely relied upon, with some of its biggest customers including IBM, Procter and Gamble, Atlassian, GoDaddy, and the Washington Post.

This year has been a trying time for the company. Recently, unknown attackers harnessed a vulnerability in a tool published by Codecov to collect confidential development data from Codecov’s clients.

This supply chain attack and data protection breach was reminiscent of the SolarWinds supply chain attack, in which hackers inserted malicious code into software used by thousands of SolarWinds customers, whose client lists include some giant U.S. companies and governmental agencies. Customers who installed the tainted SolarWinds updates created, unbeknownst to themselves, a backdoor into its IT systems. The results have been referred to as among the most “impactful and sophisticated” cyber attacks of our time.

Inside The CodeCov Data Breach
Image by John Collins from Pixabay.

Codecov Breach: The Details So Far

Codecov’s breach is not quite as big as the SolarWinds attack, but it’s nevertheless bad news. For those affected, it could risk exposing their credentials, leading to potentially catastrophic system breaches.

Not all of the details of the Codecov breach are currently known — although what is known is far from good. What is clear is that, on April 1, 2021, the company learned that cyber attackers had gained illegal access to one of its scripts and modified it without the proper authorization. They had been able to gain access due to an overlooked error, allowing the attackers to surreptitiously gather Codecov customers’ credentials. This included tokens, API keys, and assorted environmental variables in clients’ CI environments.

While Codevoc quickly fixed the problem and secured the vulnerability, in addition to alerting law enforcement, it nonetheless meant that the attackers had had access to the system for at least two months, since late January 2021. Codecov hadn’t said how many of its clients have been affected by the hack. However, the company notes that upward of 29,000 enterprises utilize its services. Codecov recommends that any users who used its Bash Uploader script during this time re-roll their credentials, tokens, and keys.

Taking The Steps To Protect Yourself

Whether you were a user of Codecov’s Bash Uploader script or not, it’s crucial that businesses and other organizations take the proper precautions when it comes to data protection to safeguard against such attacks. For one thing, organizations should ensure that security audits also consider third party vendors and providers when they are working to plug accidental leaks or potential sources for exposing sensitive information. Identifying and changing credentials available to software is also an important step to take, as is deploying API security solutions.

NOW READ  Port Pilots: Who Are They And What Do They Do?

Enterprises wishing to protect themselves from potential supply chain attacks like the Codecov and SolarWinds breaches should take the necessary steps to shore up their defenses. Database firewalls, for instance, can help to block threats like SQL injection. User rights management, meanwhile, can help to monitor data access, along with the activities of privileged users, so as to spot excessive and inappropriate privileges. Encryption and data masking can also be utilized as a means by which to obfuscate private data in order that, even if it was exfiltrated, it would not be readable to hackers. Behavioral analytics can additionally help reveal how proprietary data is accessed and, potentially, moved around inside organizations.

Data protection is only going to become more important. The ramifications of a data breach or incident involving data loss can be crippling to an organization. Potential fallout can range from damaged reputation and loss of customer trust to legal liability and regulatory fines. It’s among the biggest challenges to accompany the world of digital transformation for organizations — and it’s one that absolutely cannot be taken lightly.

One Of The Key Challenges In Digital Transformation

Businesses and organizations should make sure to properly vet any third-party companies they rely on on a regular basis. But, as the Codecov breach shows, it’s not just unknown, disreputable companies that are at risk; giants with great reputation and big customer portfolios aren’t safe from potential breaches. And while this particular vulnerability may have been plugged, it’s only going to be a matter of time before the next one is discovered elsewhere (or, worse still, not discovered until it’s too late.)

With that in mind, businesses must take additional steps to safeguard their data privacy. Data protection is one of the key challenges of digital transformation in organizations of all sizes. There is no one-size-fits-all solution when it comes to solving it. Nonetheless, by putting the right measures in place enterprises can do their best to mitigate the damaging effects without putting their fate in the hands of a third-party.

Doing so is one of the smartest moves you can make — both for yourself and your customers.

Featured illustration by by Darwin Laganzon from Pixabay.