Tony Hadfield from Venafi outlines five steps organisations can take to protect the software code-signing process from cyber attacks.
When the high-profile SolarWinds cyber attack came to light in 2020, it served as a stark reminder of the weaknesses of software supply chains. More than 18,000 of the company’s clients were significantly impacted because its software had become infected with malware.
This type of attack is not new; however, the sophistication now in use has grown significantly. For this reason, tightening code-signing processes within development teams has never been more important.
The role of code signing
In the SolarWinds attack, the company’s customers trusted that software built by the company would be free of malicious code. They had confidence in the signed software they received, as there was no evidence that tampering had occurred.
While it’s clear that there was no single fix that would have prevented the attack, had a code-signing key been stolen, the misuse of that key could have gone on undetected for much longer. Key protection and access controls are the foundation, and they are critical to protecting the software pipeline.
Code-signing certificates are machine identities and enable developers to prove that a piece of software is authentic. By digitally signing apps, software, or embedded firmware with a private key, proof is provided to end-users that the code is from a trusted and legitimate source.
However, if code-signing machine identities are poorly protected, there can be significant consequences. The machine identity can be used as a weapon that enables hackers to subvert code-signing processes while appearing to be trustworthy.
A new approach
Traditionally, many companies have tended to protect their software build environments by completely sandboxing them and having no external access. Any source code brought in would be carefully scanned to ensure no known vulnerabilities were present. While this sacrificed some convenience and speed, it enabled the best product possible to be developed.
However, due to the pace of development and the business timelines of digital transformation, this approach is no longer possible. A new way to check software while also ensuring security must be found.
One approach that can be taken is to lock down the build pipeline and only allow software packages that have been specifically approved for installation. There is no reason a very static list of approved binaries with valid signatures can’t be checked before being allowed to execute.
A second approach is to tighten code-signing procedures so that the set of software packages on the build workstation is strictly limited and only trusted code is run. Then only software signed by the vendor becomes part of the build system, and any malware that is installed will be unable to run.
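The allow-list check described above, written here as an added example rather than code from the article or from Venafi: a static list pins each approved package's digest together with the vendor key that signed it, and a package is admitted to the build host only if it is listed, unchanged, and validly signed. The Ed25519 key pair, package name and package bytes are constructed for the demo; in practice the pinned digest and vendor public key come from the vendor's release process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ApprovedPackage pins one reviewed release: the SHA-256 of its bytes and the vendor
// key that signed it. Pinning the digest means a valid signature alone is not enough.
type ApprovedPackage struct {
	Digest    [32]byte          // sha256 of the reviewed bytes
	VendorKey ed25519.PublicKey // vendor's release-signing key
}
// AllowList is the static list of approved binaries, keyed by package name.
type AllowList map[string]ApprovedPackage
var (
	ErrNotApproved    = errors.New("package is not on the approved list")
	ErrDigestMismatch = errors.New("content does not match the pinned digest")
	ErrBadSignature   = errors.New("vendor signature does not verify")
)
// Pin records a reviewed release; done out of band when the package is approved.
func (a AllowList) Pin(name string, content []byte, key ed25519.PublicKey) {
	a[name] = ApprovedPackage{Digest: sha256.Sum256(content), VendorKey: key}
}
// Verify gates execution: listed, matching the pinned digest, and validly signed.
func (a AllowList) Verify(name string, content, sig []byte) error {
	entry, ok := a[name]
	if !ok {
		return ErrNotApproved
	}
	if sha256.Sum256(content) != entry.Digest {
		return ErrDigestMismatch
	}
	if !ed25519.Verify(entry.VendorKey, content, sig) {
		return ErrBadSignature
	}
	return nil
}
func main() { // constructed demo: key and package bytes are made up for illustration
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pkg := []byte("build-tool v1.2.3 (constructed package bytes)")
	list := AllowList{}
	list.Pin("build-tool", pkg, pub)
	fmt.Println("approved:", list.Verify("build-tool", pkg, ed25519.Sign(priv, pkg)))
	fmt.Println("unlisted:", list.Verify("other-tool", pkg, ed25519.Sign(priv, pkg)))
}
```

Because the digest is pinned, a newer build signed with the same vendor key (or with a stolen one) is still refused until it has been reviewed and pinned.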
Five steps to preventing attacks
While there is no silver bullet that can fully protect against attacks such as that mounted against SolarWinds, there are five key steps that organisations should take. These steps are:
It’s important for IT teams to constantly monitor and evaluate their security around machine identities. This effort must go above and beyond improving security efforts focused on reducing vulnerabilities in the code.
For risks to be significantly reduced, the entire build process needs to be secured with machine identities. In this way, the chances of cyber criminals gaining access will be reduced along with the risk of costly disruption as the result of an attack.
Tony Hadfield is the senior director of sales engineering at Venafi.