By Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi
The Lapsus$ group stole data from the authentication service Okta during an attack in January. Attacks like this on software builds are becoming more common for several reasons.
First, attacking one target opens the door to multiple targets. Second, security and development teams often do not work together, so developer environments are insufficiently protected. Even more worrying, however, is the fact that it is enormously difficult to restore a developer environment once it has been compromised. This type of access puts the keys in threat actors' hands, so they hold on to it stubbornly. So it's no surprise that attacks of this kind happen again and again.
Even more troubling is that so many companies depend on a single identity provider and are putting all their eggs in one basket. This means that a single vulnerability opens the attack surface completely and exposes several companies to the risk of future attacks. This was already the case with the SolarWinds attacks, in which Office 365 was attacked, and the waves of attacks continue to spread.
As for Lapsus$ in particular, they have already abused machine identities in the past and used their understanding of developer environments to their advantage. This jeopardizes the trust system that enables communication between machines and the execution of software. As these types of attacks become more and more common, it is imperative to adapt the approaches to securing build pipelines. We cannot have development teams working without the involvement of security teams, nor can we expect security teams to understand the intricacies of development environments. We need a new kind of security developer who can close the gap and enable security in the shortest possible time.