
Monthly AppSec News Round Up — May 2021 Edition

Just when we thought we had seen the worst when April’s news broke of Facebook and Clubhouse breaches, we were in for a big surprise. The worst had yet to come.
At the cusp of every security trend and alert, WhiteHat Security’s team of security professionals, executives, and researchers was quick to offer perspective and guidance on the explosive security news of May.

Here is a glimpse into the events that defined the world of security this month:

MAY 6: Bloomberg reported on one of the biggest ransomware attacks of the year. Investigation of the Colonial Pipeline hack revealed that attackers stole nearly 100GB of data in two hours. The resulting fallout included fuel shortages along the East Coast and the Colonial Pipeline CEO paying $4.4M in ransom.
In speaking with Security Week and Security Magazine, Setu Kulkarni, VP of Business Development and Corporate Strategy at WhiteHat, shared his thoughts on how existing vulnerabilities in software-driven supply chains allow cybercriminals to plant system-wide long-running attacks.

“Connected industrial control systems now have given adversaries access to our distribution systems. What is worse is that with such remote access, the relative anonymity, and the potential safe-harbor, adversaries do not have any deterrent to launch such malicious and profound attacks…While cyber is a part of each one of our defense forces, it is time to recognize and elevate Cyber Force as the eighth force in our national defense.”


MAY 12: Within a week of the Colonial Pipeline attack, President Biden released an executive order with the intent to improve the nation’s cybersecurity. With the Colonial Pipeline attack representing just one of the estimated 184 million ransomware attacks threatening Americans, the executive order reaffirmed the rampant cyber risks threatening our critical infrastructure and the increasing need to “enhance software supply chain security.” Kulkarni spoke with DICE Insights on his perspective:

“Over the next nine to 12 months, there will be federal guidance and enforcement for vendors through National Institute of Standards and Technology to comply with practices to enhance the software security supply chain, including secure software development environments, ensuring source code integrity, regular application security testing and remediation, ensuring software provenance, publishing the software bill of material and ensuring the provenance of open-source components.”


MAY 13: Security software provider Rapid7 reported that the company’s source code had been compromised as part of a software supply chain breach connected to the Codecov network breach discovered in early April 2021. News of the attack spread through the security industry, as Rapid7 became the latest victim in a growing list of software supply chain incidents. Most notably, the SolarWinds hack of late 2020 has left a lasting impression on organizations and customers alike.

Kulkarni was among the first thought leaders to share insight with Security Magazine and Dark Reading.

“Rapid7’s commentary on the issue they faced is another wakeup call for the entire industry and also an example of transparency and accountability on behalf of Rapid7’s team…Broadly though it does highlight why customer-related data should not be stored in code repos and if anything, dummy anonymized data should be used for testing. The bottom line is that it does not matter if the weakness is in an obscure non-production solitary system meant to perform non-critical backend administrative functions because that system is in turn connected to a critical system somewhere – in this case, the code repos with creds and alert-related data.”


MAY 23: Check Point Research found the data of more than 100 million Android app users had been exposed due to misconfigurations relating to third-party services.
Top publications including SiliconANGLE and Security Magazine reached out to Ray Kelly, Principal Security Engineer at WhiteHat Security, for his commentary after it was identified that 23 popular Android applications from the Google Play Store, including Astro Guru, iFax, Logo Maker, Screen Recorder, and T’Leva, had exposed the private information of their users by not following best practices when configuring and integrating third-party cloud services into their apps.

“Developers tend to think that mobile backends are hidden from hackers. Search engines such as Google do not index these APIs so it gives a false sense of security when in fact these mobile endpoints can be just as vulnerable as any other website. This is considered ‘Security Through Obscurity’ in the cyber security industry. It is akin to hiding your house key under your doormat and thinking your house is safe. Ensuring that a mobile application is secure requires that the application binary, network layer, backend storage, and APIs are all tested thoroughly for security vulnerabilities that can lead to issues such as data leakage.”


After a busy month of breaches, ransomware attacks, and software-driven vulnerabilities, we continued to see security and IT practitioners, including our own here at WhiteHat Security, step up to defend the security and well-being of fellow professionals by offering their educated insight and guidance into navigating today’s cyber threats.