written by Josh Cohen from the Trade Office in Washington DC, USA
As Americans’ attention turned to barbeques and beer at the beginning of the recent Labor Day holiday weekend, the cyber warriors of U.S. Cyber Command had something else on their minds: Alerting the 180,000 users of Atlassian’s Confluence software that they risked becoming victims of a massive ongoing software supply chain attack.
In a September 3rd Twitter post, USCYBERCOM warned that “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already – this cannot wait until after the weekend.”
It’s easy to see why USCYBERCOM was so spooked. According to its website, Atlassian’s Confluence software will “give your team a place to create, capture, and collaborate on any project or idea… so every team member has visibility into institutional knowledge and access to the information they need to do their best work.” Due to its open and collaborative nature, an attacker who manages to penetrate an organization’s Confluence collaborative workspace could abscond with a massive amount of private business information, as well as launch follow-on supply chain attacks against customers and vendors. And coming on top of other software supply chain attacks such as SolarWinds, Codecov and Kaseya, it would clearly behoove software vendors to proactively deploy solutions that can prevent code tampering and protect the integrity of the software development lifecycle, especially in this new era of “always-on” Continuous Integration/Continuous Deployment (CI/CD).
Luckily for developers, there is an increasing number of cybersecurity companies that focus specifically on protecting the security of developers’ code. And not surprisingly, a lot of these companies are Israeli:
WhiteSource Software (https://www.whitesourcesoftware.com/): WhiteSource provides a comprehensive solution for protecting the security of open-source software packages. It integrates with development environments and the DevOps pipeline to detect open-source libraries with security or compliance issues in real time. WhiteSource also provides actionable, validated remediation paths to enable quick resolution, and automated policy enforcement to speed up time-to-fix. WhiteSource supports over 200 programming languages and continuously tracks multiple open-source vulnerability databases, including the US National Vulnerability Database, security advisories, peer-reviewed vulnerability knowledge bases, and open-source project issue trackers.
Argon Security (https://argon.io/): Argon provides holistic security for software supply chains. Argon enables DevOps and security teams to create tamper-proof software delivery pipelines, from commit to release. The company’s first-to-market security solution delivers visibility, security, and integrity to CI/CD pipelines, ensuring increased trust in software releases.
Spectral (https://spectralops.io/): Spectral provides an automated code security platform for companies and developers. Spectral’s developer-first approach enables software to be secured and shipped freely on any platform through real-time detection and mitigation of security flaws that can lead to massive data breaches and business continuity issues.
Dustico (https://dusti.co/): Demonstrating the growing importance of protecting software supply chains, Dustico, despite being barely a few months out of stealth, was just acquired by the Israeli cyber firm Checkmarx. Dustico provides a dynamic source-code analysis platform to prevent open-source software supply-chain attacks. Its code sandbox combines static and dynamic analysis to detect malicious behavior in code changes, helping to stop malicious code and unwanted open-source packages before the code is deployed to production.
Cycode (https://cycode.com/): Cycode utilizes its patent-pending Source Path Intelligence engine to provide IT security teams with visibility across all of their on-premises and cloud-based source-code management systems, automatically detecting and responding to anomalies in source code access, movement, and manipulation. Cycode enables users to rapidly and effectively respond to threats as they materialize by implementing new security controls and adjusting existing ones.