The breach on code testing software vendor Codecov could have easily gone unnoticed for an indefinite amount of time.
Bearing resemblance to the 2020 SolarWinds attack, it’s another example of highly evasive supply chain infiltration in which malicious actors target and steal credentials to get to their intended target. For Codecov – the target was amongst their 29,000 customers worldwide.
As the long-term impact of this breach is still being investigated -- the team at CyberArk Labs reports their findings after analyzing the attack.
Here’s what's covered:
- Hacks and backdoors: an examination of the Codecov attack chain
- Discovering the breach: how months could have been years
- Cloud & DevOps: operational challenges and threats
- Fragmented Security Architecture: Rise of the Shadow Admin
- Supply Chain Attacks: The different types, ramifications and fallout
- Taking the learnings: A discussion on mitigation strategies.