New Cyber Threat: Developer Workstations Linked to Software Security

The Software Supply Chain: More Critical Than Ever

The way software is created and distributed, also known as the software supply chain, has changed significantly in recent years. In the past, the idea was simple: a programmer writes code, this code is tested, and then the product is delivered to the customer. Today, this process is much more complex and consists of numerous steps, tools, and systems.

More and more companies rely on external services and intricate systems to develop and update their software. This makes the entire chain more vulnerable to attacks. Attackers have understood this and are shifting their focus.

They are increasingly trying not only to sneak malicious code into existing software but also to steal the access needed to create and secure that software in the first place. This is a worrying development that puts the digital security of companies under pressure. This is no longer just about hacking servers, but a much more direct approach.

The attacker delves deeper into the foundation.

Recent Attacks: A Dive into Cybercriminals' Methods

In a short period of just 48 hours, we saw three separate large-scale cyberattacks occur on well-known platforms: npm (for JavaScript), PyPI (for Python), and Docker Hub (for software containers). The goal of these attacks was clear: to gain access to sensitive information stored by developers and in systems that automatically build and test software (also known as CI/CD pipelines). These types of systems are essential for delivering software quickly and efficiently.

The information attackers tried to obtain included API keys. These are a type of digital password that computer systems use to communicate with each other. They also attempted to steal cloud data, which are the login credentials for storage and services in the 'cloud.'

In addition, SSH keys and various tokens were sought after. These latter are essentially digital access cards that grant access to systems and data.

The method behind these attacks is clever. Instead of directly attacking the servers of large software companies, criminals target the weaker link: the developer's workstation. These are the computers on which programmers perform their daily work.

These workstations often contain, directly or indirectly, the keys to many secure systems. By obtaining these keys, attackers gain the same rights as the developer themselves, with all the consequences that entails.

What Does This Mean for SMBs?

For small and medium-sized businesses (SMBs), this development can be significant. Many SMBs use software developed by external parties, or they use tools distributed via these platforms themselves. Furthermore, they often expand their own IT infrastructure with cloud services and link different systems together with APIs.

The biggest concern is that if a software vendor's developer is compromised, it can lead to the spread of malicious software to all of that vendor's customers. Even if your own systems are well-secured internally, you can still be affected through the software you use. Moreover, if your company develops or integrates software itself, and your own developers' workstations are not optimally secured, your own systems and those of your customers could be at risk.

The stolen data, such as API keys and cloud credentials, can be used to:

• Gain unauthorized access to your cloud environment.
• Steal or manipulate sensitive customer data.
• Install crypto-malware that brings your systems to a halt.
• Carry out further attacks on your network or that of your contacts.
• Disrupt your business operations.

It is therefore crucial to realize that your suppliers and their security measures also affect your own digital security. And that the developer's workstation itself has become an important part of the overall security chain.

Protecting Developer Workstations: A Priority for SMBs

The security of developer workstations is no longer a luxury but an absolute necessity, especially for SMBs. Attackers are now using these workstations as a gateway to larger systems. It is therefore essential to take proactive steps to address this vulnerability.

This requires a combination of technical measures and employee awareness.

A first step is to implement strong access controls. This means that not everyone should have access to sensitive systems or data without authorization. Use multi-factor authentication (MFA) wherever possible, even on the workstations themselves.

MFA adds an extra layer of security, making it much harder for attackers to gain entry with stolen credentials. Think of using codes via an app or a physical token.

Regular software updates are also vital. Criminals often exploit known vulnerabilities in outdated software. Ensure that both the workstation's operating system and all development tools and programming languages used are up to date.

This also applies to installed security software, such as antivirus programs.

In addition, establishing clear security guidelines for developers is crucial. This includes rules about storing sensitive information, such as passwords and keys. Use secure password managers for this and never record them in plain text files or code.

Ensure that developers know how to recognize suspicious emails or links and are not allowed to install unknown software on their workstations.

Carefully monitoring system activity can help detect suspicious patterns early on. For example, if a lot of data is suddenly downloaded or if strange commands are executed, this could indicate a possible attack. By taking these signals seriously and responding quickly, you can limit the damage.

Finally, it is advisable to thoroughly check the security measures of external software vendors. Inquire about the steps they take to secure their software supply chain and how their developer workstations are protected. For SMBs, it may even be wise to work with an IT security specialist who can advise and support you in implementing the right measures and minimizing risks.

Awareness and Training: The Human Factor

Technical solutions are an important part of cybersecurity, but the human factor often remains the weakest link. Even with the best security systems, one careless employee can cause a major security breach. Therefore, awareness and training of your staff, especially developers, are crucial.

Ensure that your developers are well-informed about the latest cyber threats and the techniques attackers use. This helps them stay vigilant and recognize potentially dangerous situations. Think about learning to recognize phishing attacks, where attackers impersonate legitimate organizations to trick users into revealing sensitive information.

Training should also focus on the correct use of security tools. This includes handling passwords securely, using password managers, and understanding the importance of multi-factor authentication. Make it clear that sharing login credentials, even with colleagues, is strictly forbidden.

Developers must learn how to safely handle external software and plugins, and only use trusted sources.

Regular exercises, such as simulated phishing campaigns, can help test and increase employee alertness. Discuss the results openly and provide targeted training where needed. A culture where security is taken seriously, where employees feel safe to voice concerns about potential risks, is a powerful defense.

Invest in these trainings and ensure they are kept up to date. This builds a stronger digital defense, where every employee is aware of their role in protecting the organization against cyberattacks. This is an investment that pays for itself by preventing costly data breaches and disruptions.

Conclusion

The recent cyberattacks on important software platforms show that attackers' focus is shifting to the foundation: developer workstations. These attacks have direct consequences for the security of the software we use daily, and therefore also for SMBs. It is essential to take the security of developer workstations seriously.

Use strong access controls, keep software up to date, establish clear guidelines, and invest in the awareness and training of your employees. By acting proactively and taking the risks seriously, you protect your company against this new generation of cyber threats.

**Want to know more? ** Also see how Assist2go can help with the right IT service for your company.