We are back after a rather long hiatus. Our last publication was at the height of COVID-19. We then took a break after that.
Now, as we restart our newsletter, the Russia - Ukraine crisis is old news, but there are interesting new threat models to deal with.
We protest by adding malware to open source libraries…
War is fought on many frontiers, cyber being a key one.
The Russia - Ukraine war has led to a new attack vector: Protestware. Hacktivists with social causes are changing the source code of popular open source libraries to insert malware.
NodeJS has been a key target, with many node modules affected. Here is a helpful list. Some packages are written specifically as protestware: they can be imported as a node module and included by developers keen on registering their protest.
The risk of SSO breaches…
Okta had a security breach in January 2022.
They claim to have conducted a detailed analysis of the incident and concluded that an attacker was able to access only screenshots, not the accounts themselves. The number of times they mentioned their vendor Sitel in their communication almost felt like a little kid in school trying to direct the attention of the teacher - “it wasn’t me ma’am, it was him!”. You can read the official FAQ here.
Okta says the ‘maximum potential impact’ could be to 366 customers, but also goes on to say that they are ‘confident the Okta service has not been breached’.
What can we do?
Create a software bill of materials (SBOM) for the open source software you use. Identify open source libraries (groan!) that might be compromised, and check for those libraries in your DevSecOps cycle.
Identify risks from SSO services. Ask your SSO service provider for their cyber crisis management plans. Review and audit them, if possible.
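As an added example (not code from the newsletter or from any project it mentions), this Node script shows what the SBOM step above looks like in practice: it builds a minimal CycloneDX-style component list from a package-lock.json layout and gates the build on a denylist of known-compromised package versions. The lockfile contents, the package names (colorish, tiny-dep, left-widget, safe-lib) and the denylist entries are all constructed placeholders, not real packages or real protestware.

```javascript
// Added example: derive an SBOM from a package-lock.json (lockfileVersion 2/3
// "packages" layout) and flag components that match a denylist of
// compromised versions. All package names and versions are CONSTRUCTED
// placeholders for illustration only.

const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/left-widget": { version: "2.3.1", integrity: "sha512-AAAA" },
    "node_modules/colorish": { version: "1.4.0", integrity: "sha512-BBBB" },
    // nested install: a transitive dependency pulled in by colorish
    "node_modules/colorish/node_modules/tiny-dep": { version: "0.0.9" },
    "node_modules/safe-lib": { version: "3.0.0", dev: true },
  },
};

// Constructed denylist: which versions of which packages to refuse.
// "*" means every version of that package is considered compromised.
const DENYLIST = [
  { name: "colorish", versions: ["1.4.0", "1.4.1"], note: "placeholder: payload added in 1.4.x" },
  { name: "tiny-dep", versions: ["*"], note: "placeholder: maintainer account compromised" },
];

function packageNameFromPath(lockPath) {
  // Nested installs look like "node_modules/a/node_modules/@scope/b";
  // the component name is everything after the last "node_modules/".
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

function buildSbom(lock) {
  const components = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // the root project is not a dependency
    const name = packageNameFromPath(lockPath);
    if (!name || !entry.version) continue;
    components.push({
      name,
      version: entry.version,
      purl: `pkg:npm/${name}@${entry.version}`, // package URL, as used by CycloneDX/SPDX
      scope: entry.dev ? "optional" : "required",
      integrity: entry.integrity || null,
    });
  }
  return { bomFormat: "CycloneDX", specVersion: "1.4", components };
}

function findCompromised(sbom, denylist) {
  const rulesByName = new Map(denylist.map((d) => [d.name, d]));
  return sbom.components
    .filter((c) => {
      const rule = rulesByName.get(c.name);
      return Boolean(rule) &&
        (rule.versions.includes("*") || rule.versions.includes(c.version));
    })
    .map((c) => ({ purl: c.purl, reason: rulesByName.get(c.name).note }));
}

// Pipeline gate: pass only when no component matches the denylist.
function gateBuild(lock, denylist) {
  const hits = findCompromised(buildSbom(lock), denylist);
  return { pass: hits.length === 0, hits };
}

console.log(JSON.stringify(gateBuild(SAMPLE_LOCK, DENYLIST), null, 2));
```

In a real pipeline the lockfile would be read from disk and the denylist fed from an advisory source; the point of keeping the SBOM step separate from the check is that the same component list can be re-checked whenever a new compromised version is announced, without rebuilding anything.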