Continuous integration and delivery platform CircleCI confirmed that a security incident occurred on January 04, 2023 and was caused by an infostealer deployed on an employee’s laptop. Because the targeted employee had privileges to generate production access tokens, the attacker was potentially able to access and steal data from a subset of databases and stores.
CircleCI is a popular continuous integration and delivery (CI/CD) platform that helps developers automate building, testing and deploying software. With customers in the tens of thousands, it is a widely used DevOps tool that helps companies such as Google, Peloton and Asana quickly deploy new versions of their products.
On January 4th, 2023, CircleCI informed all of its customers of a security incident and asked them to rotate all secrets stored on CircleCI’s systems, such as cloud provider credentials and repository SSH keys. From the perspective of CircleCI customers, such a security incident amounts to the theft of API keys across their production environments. For example, some customers reported misuse of their AWS accounts using AWS credentials stolen from CircleCI.
On January 13th, 2023, CircleCI disclosed that the root cause of the breach was an employee’s Mac laptop infected with custom-made malware. CircleCI’s EPP/EDR/AV software did not detect or stop the malware. The malware was able to steal a cookie containing a post-2FA session token that was used to access CircleCI production systems. Using that token, the unauthorized third party managed to exfiltrate encrypted customer secrets, including AWS keys and GitHub OAuth2 tokens, and also obtained the key needed to decrypt them.
CircleCI did not disclose how the malware got onto the laptop, but according to the information released, the malware probably posed as a “PTX Player” for Mac. PTX files are a transcript file format commonly used by educational institutions and other organizations to store and share transcripts electronically. If we had to guess, a CircleCI employee was targeted via a sophisticated spear-phishing/social engineering attack that convinced the employee to download this app in order to view or sign some “important” PTX document.
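The failure mode described above is a valid post-2FA session token being replayed from a machine other than the one that completed the login. As an added illustration (not code from the original post or from CircleCI), the check below binds each session to the IP/user-agent fingerprint seen at MFA login and flags later requests on that session from a different fingerprint. The log format, field names, event names and log lines are all constructed for this example.

```python
import json

# Constructed sample session/audit log (one JSON object per line); not real CircleCI telemetry.
# Session s-1 is established from a Mac browser, then reused a few hours later from a
# different IP with a scripted client, which is the pattern a stolen cookie produces.
SAMPLE_LOG = """
{"ts":"2023-01-04T09:00:00Z","event":"login_mfa_ok","session":"s-1","user":"eng1","ip":"203.0.113.10","ua":"Mozilla/5.0 (Macintosh)"}
{"ts":"2023-01-04T09:05:00Z","event":"api_call","session":"s-1","user":"eng1","ip":"203.0.113.10","ua":"Mozilla/5.0 (Macintosh)","path":"/api/secrets"}
{"ts":"2023-01-04T11:30:00Z","event":"api_call","session":"s-1","user":"eng1","ip":"198.51.100.77","ua":"python-requests/2.28","path":"/api/secrets"}
{"ts":"2023-01-04T11:31:00Z","event":"api_call","session":"s-1","user":"eng1","ip":"198.51.100.77","ua":"python-requests/2.28","path":"/api/secrets/export"}
{"ts":"2023-01-04T12:00:00Z","event":"login_mfa_ok","session":"s-2","user":"eng2","ip":"203.0.113.22","ua":"Mozilla/5.0 (Macintosh)"}
{"ts":"2023-01-04T12:10:00Z","event":"api_call","session":"s-2","user":"eng2","ip":"203.0.113.22","ua":"Mozilla/5.0 (Macintosh)","path":"/api/projects"}
"""


def parse_events(text):
    """Parse newline-delimited JSON log lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def find_session_replays(events):
    """Return one alert per request whose (ip, user-agent) fingerprint differs from the
    fingerprint recorded when that session completed MFA login. Requests on a session
    with no recorded login are also flagged, since the token did not originate here."""
    bound = {}    # session id -> fingerprint captured at login_mfa_ok
    alerts = []
    for ev in events:
        sid = ev["session"]
        fp = (ev["ip"], ev["ua"])
        if ev["event"] == "login_mfa_ok":
            bound[sid] = fp
            continue
        origin = bound.get(sid)
        if origin is None:
            alerts.append({"session": sid, "reason": "unknown_session", "ts": ev["ts"]})
        elif fp != origin:
            alerts.append({"session": sid, "reason": "fingerprint_mismatch", "user": ev["user"],
                           "ts": ev["ts"], "login_fp": origin, "seen_fp": fp, "path": ev.get("path")})
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(parse_events(SAMPLE_LOG)):
        print(alert)
```

A strict IP/user-agent match will also fire on legitimate VPN or network changes, so in practice this is a signal to correlate with what the session then accesses (here, secret export endpoints) rather than a block on its own.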
This demonstrates (yet again) how email is still the easiest way into an organization, even into tech companies that are security-aware and invest heavily in cybersecurity. Recently we have seen a rise in similar incidents, resulting in customer data exposure or theft. A few recent examples:
These incidents all have one thing in common: an employee or contractor was tricked into either providing credentials or running malware on their device, and the results can be dramatic. This was achieved either through a phishing email or through some other means of tricking the victim into visiting a malicious website. This should be a wake-up call to security teams that email protection is a key cybersecurity layer that must be a high priority: CISOs should not settle for standard/basic email protection and should instead seek out advanced email security solutions.
Back to the CircleCI incident: if your organization was also impacted, make sure to follow CircleCI’s official recommendations.
Even if you’re not a CircleCI customer, we highly recommend considering the following security measures related to secrets stored on your CI/CD and DevOps platforms:
Regardless of secrets management, it is critical to invest in the security of the endpoints that access sensitive or privileged infrastructure and production data, as the next breach might involve more than DevOps platform secrets: other crucial customer-related data that should not fall into the wrong hands.