The recent XZ backdoor attack is the perfect example of the increasing use of supply chain attacks. In 2023, Cyber Security Magazine reported that supply chain attacks were up 633%. The reason? It’s harder for businesses to monitor third-party tools than it is for them to monitor native systems. It’s also easier for businesses to give up control and trust third parties to save time. However, trusting third parties leads to huge risks.

In this blog, we’ll be explaining the story behind the XZ backdoor and sharing what security managers can learn to protect their businesses. 

What is XZ?

XZ is a compression utility used as a component of the open-source operating system, Linux. Just like other operating systems like Mac OS and Microsoft, Linux has multiple different packages and formats. However, their XZ tool is pre-installed in a majority of their software packages. It helps compress software, files, and archives, making it essential to almost all packages. 

What is a backdoor?

At the heart of the XZ supply chain attack lies the concept of a backdoor—a way of gaining unauthorized access to a system. Essentially, a backdoor creates a covert entry point, allowing malicious actors to infiltrate and compromise a system’s security. 

county cyber attacks

Photo by Shyam on Unsplash

"It’s been a “super-fantastic” experience to see people learning and talking about security threats."

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

In the case of the XZ breach, this backdoor could give the attacker access to anything from login information to adding malware. 

What happened? 

The breach unfolded as a supply chain attack that utilized third parties to gain access to the primary organization’s data. The backdoor was only planted a few months ago, but the planning began years in advance when a software developer began to help with the code of the XZ project. In open-source software like Linux, it’s not uncommon for random software developers to appear and help build the code, so nothing seemed suspicious. 

The malicious actor used its access to the code to add a backdoor to the updated versions of the UX utility. In developer terms, the code manipulates the SSH, giving the attacker access to any customer’s network without the entry point being seen. 

The backdoor was caught by another software developer who was using XZ on their computer. They warned about the malicious code in an online forum for open-source software only days after the update went live, saving many companies from facing the consequences of this attack. For all the technical details, see Cyber News

What Security Managers Can Learn

In the wake of this breach, security managers must glean valuable lessons to fortify their defences against future threats:

Heightened Vigilance 

Security managers have a lot on their plate, so it’s easy to trust third parties to do their security checks for you. However, you never know the standards or procedures of a third party and should never trust that checks will be taken care of by someone else. Incorporate third-party monitoring checks into your typical security protocols to detect suspicious activities.

Evaluating Open-Source Risks

While open-source software offers numerous benefits, it’s crucial to assess associated risks. Had XZ not had code that was able to be accessed by the public, this backdoor would never have been created. Consider not using open-source software or at the very least implement stringent vetting processes for any open-source tools before integration into any company networks. 

Use Network Monitoring Tools 

Improve your defence mechanisms with network monitoring tools capable of identifying and thwarting unauthorized access attempts promptly. Although they may not have caught the malicious code, they could potentially spot any suspicious activity the cyber criminal would do after entering your network. Network monitoring tools are worth the initial investment to save you in the long run!

Cultivate Security Awareness 

Foster a culture of security awareness within your organizations. Add training modules and have conversations around the importance of evaluating third-party tools and remaining vigilant against potential threats that they bring. Your employees can become the best defence against supply chain attacks. 

This XZ breach is a crucial reminder that third-party and supply chain partners cannot be forgotten in your security program. When using any third party, be vigilant about staying up to date with any of their updates and security protocols. Have high standards for what you want to add to your network and educate your employees so they do the same. Stay safe, everyone!