Rapid7 says its source code was accessed after Codecov hack

Cyber criminals gained access to code used for internal tooling and its flagship detection and response service

Cyber security firm Rapid7 has revealed that a cyber attack against its supplier Codecov led to hackers accessing a subset of its source code repositories.

The code coverage platform Codecov suffered an incident last month in which attackers broke through its defences and modified its Bash Uploader script, meaning hundreds of clients who executed the script may have also been compromised.

Rapid7, which uses the service, confirmed it was among the string of companies whose networks were infiltrated due to the attack. The cyber criminals accessed source code used for the firm’s internal tooling as well as its managed detection and response (MDR) service.

MDR is a set of capabilities that Rapid7 markets as being able to detect advanced threats and stop attackers while infiltration attempts are in progress. The package includes threat hunting, 24/7 monitoring and rapid incident response.

The source code repositories accessed also contained internal company credentials, which have all been rotated, and alert-related data for a portion of MDR customers. Rapid7 has said it has contacted any customers that may be affected.

Codecov develops auditing tools that clients can use to see how thoroughly their own code is being tested, which may give these tools access to credentials for internal software accounts.

Following the breach, the FBI feared that the attackers used an automated system to copy those credentials and raid additional resources, according to Reuters.

IBM was also among the companies to have revealed they were using Codecov, although a spokesperson told the publication at the time that they had found no modifications of code involving IBM or its clients.

The hack, described as a supply chain attack, is eerily similar in nature to both the SolarWinds Orion attack in late 2020 and the Microsoft Exchange Server breach earlier this year. These are considered among the worst security incidents in recent months, and both saw potentially thousands of businesses compromised after the systems of their supplier, in each case, were breached.
