In the case of the XZ breach, this backdoor could give the attacker anything from access to login information to the ability to plant malware.
The breach unfolded as a supply chain attack, which uses third parties to gain access to the primary organization's data. The backdoor was only planted a few months ago, but the planning began years in advance when a software developer began to help with the code of the XZ project. In open-source software like Linux, it's not uncommon for previously unknown software developers to appear and help build the code, so nothing seemed suspicious.
The malicious actor used this access to the code to add a backdoor to the updated versions of the XZ utility. In developer terms, the code tampers with SSH, giving the attacker access to any customer's network without the entry point being seen.
The backdoor was caught by another software developer who was using XZ on their computer. They warned about the malicious code in an online forum for open-source software only days after the update went live, saving many companies from facing the consequences of this attack. For all the technical details, see Cyber News.
In the wake of this breach, security managers must glean valuable lessons to fortify their defences against future threats:
Security managers have a lot on their plate, so it’s easy to trust third parties to do their security checks for you. However, you never know the standards or procedures of a third party and should never trust that checks will be taken care of by someone else. Incorporate third-party monitoring checks into your typical security protocols to detect suspicious activities.
While open-source software offers numerous benefits, it's crucial to assess the associated risks. Had XZ's code not been publicly accessible, this backdoor would never have been created. Consider not using open-source software, or at the very least implement stringent vetting processes for any open-source tools before integrating them into company networks.
Improve your defence mechanisms with network monitoring tools capable of identifying and thwarting unauthorized access attempts promptly. Although they may not have caught the malicious code, they could potentially spot suspicious activity the cybercriminal carries out after entering your network. Network monitoring tools are worth the initial investment to save you in the long run!
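One way to act on this lesson, as an added example that is not part of the original article: a small detector that correlates sshd authentication events with session-open events per connection process and flags a session that starts without an accepted authentication or under a different user name. The log lines are constructed, and the heuristic is a generic authentication-bypass check, not a signature for the XZ backdoor specifically.

```python
import re

# Constructed sshd syslog lines (not a real capture). The third connection
# opens a session with no preceding "Accepted ..." event for its pid.
SAMPLE_LOG = """\
Apr  1 10:00:01 bastion sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
Apr  1 10:00:01 bastion sshd[1201]: pam_unix(sshd:session): session opened for user alice(uid=1000) by (uid=0)
Apr  1 10:03:17 bastion sshd[1288]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Apr  1 10:05:42 bastion sshd[1340]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
"""

# Assumed log layout: syslog prefix, then "sshd[<pid>]: <message>".
LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)")
OPENED_RE = re.compile(r"session opened for user (?P<user>[^(\s]+)")


def find_suspicious_sessions(log_text):
    """Return (pid, user, reason) for sessions that lack a matching accepted auth.

    A session is flagged when the connection pid never logged an "Accepted"
    event, or when the session user differs from the authenticated user.
    """
    accepted = {}   # pid -> (user, method, source address)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        a = ACCEPTED_RE.match(msg)
        if a:
            accepted[pid] = (a.group("user"), a.group("method"), a.group("src"))
            continue
        o = OPENED_RE.search(msg)
        if not o:
            continue
        user = o.group("user")
        if pid not in accepted:
            findings.append((pid, user, "no accepted-auth event"))
        elif accepted[pid][0] != user:
            findings.append((pid, user, "user mismatch"))
    return findings


if __name__ == "__main__":
    for pid, user, reason in find_suspicious_sessions(SAMPLE_LOG):
        print(f"ALERT sshd[{pid}] session for {user}: {reason}")
```

In a fleet deployment the same correlation runs over the centralised sshd logs rather than an inline string.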
Foster a culture of security awareness within your organization. Add training modules and have conversations about the importance of evaluating third-party tools and remaining vigilant against the potential threats they bring. Your employees can become the best defence against supply chain attacks.
This XZ breach is a crucial reminder that third-party and supply chain partners cannot be forgotten in your security program. When using any third party, be vigilant about staying up to date with any of their updates and security protocols. Have high standards for what you want to add to your network and educate your employees so they do the same. Stay safe, everyone!