The South West Police Regional Cyber Crime Unit (RCCU) are reporting that a software development company suffered a network intrusion which resulted in the theft of intellectual property.
The attackers used stolen credit cards to purchase the software and combined this with API keys which had accidentally been leaked on GitHub, a software development platform, back in 2103, by a former employee.
The software development company could not deactivate the software once it had been sold. Once the attackers had gained access, they obtained the database and exfiltrated the source code for all products worked on in the previous 5 years.
The protection advice from the South West RCCU is:
- Implement User Access Controls so that when an employee leaves they are no longer able to access critical data
- Have the ability to remotely deactivate software once sold
- Ensure API keys and sensitive information are not included with any publicly accessible code
- Developers should not use administrator accounts. Generated keys should have restricted access, and there should be processes for how unique keys/tokens are generated, audited and removed.
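The advice on keeping API keys out of publicly accessible code can be checked mechanically before anything is pushed. The following is an added example, not part of the RCCU report or this page's source: a small Python check that flags hard-coded credentials by combining name-based matching with an entropy threshold. The function names, the threshold and the sample file are assumptions made for the illustration.

```python
import math
import re

# name = "literal" assignments whose name suggests a credential.
ASSIGNMENT = re.compile(
    r"""(?ix)\b([\w.-]*(?:api[_-]?key|secret|token|passw(?:or)?d)[\w.-]*)
        \s*[:=]\s*["']([^"'\s]{12,})["']""")
# AWS access key IDs have a fixed, well-known shape.
AWS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
MIN_ENTROPY = 3.5  # assumed threshold in bits per character; tune per code base


def shannon_entropy(value):
    """Bits per character; random keys score high, words and placeholders low."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def find_secrets(text):
    """Return (line_number, reason, redacted_value) for each suspected secret."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        hits = [("aws-access-key-id", m.group(1)) for m in AWS_KEY_ID.finditer(line)]
        for m in ASSIGNMENT.finditer(line):
            name, value = m.group(1), m.group(2)
            if shannon_entropy(value) >= MIN_ENTROPY:
                hits.append(("hard-coded " + name, value))
        for reason, value in hits:
            # Never echo the full secret into CI logs.
            findings.append((number, reason, value[:4] + "..."))
    return findings


# Constructed sample file; the key values are made up for this example.
SAMPLE = '''\
import os
API_KEY = "q8Zt3LwX9vB2nR7kYp4D"
api_key = os.environ["LICENSE_API_KEY"]
password = "changeme-changeme"
aws_id = "AKIAABCDEFGHIJKLMNOP"
'''

if __name__ == "__main__":
    for finding in find_secrets(SAMPLE):
        print(finding)
```

A key that has already reached a public repository stays in its history and in any clones, so a finding on published code means revoking and reissuing the key, not just deleting the line.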
Read the full report and advice: South West RCCU Cyber intelligence report 20/09/18
The report also includes advice about cloud security and things to consider, such as carrying out due diligence on cloud providers as with any third-party supplier, including having access to audit data, inspecting the data centre, operational security, equipment disposal, incident management plans, security of personnel, data isolation, external interface, secure user management and SLAs.