Download Now

First Name

Last Name

Company

Country

State

Postal Code - optional

Thank you!

Error - something went wrong!

The Anatomy of the Codecov Breach: A CyberArk Labs Webinar

July 23, 2021

The breach on code testing software vendor Codecov could have easily gone unnoticed for an indefinite amount of time.

Bearing resemblance to the 2020 SolarWinds attack, it’s another example of highly evasive supply chain infiltration in which malicious actors target and steal credentials to get to their intended target. For Codecov – the target was amongst their 29,000 customers worldwide.

As the long-term impact of this breach is still being investigated -- the team at CyberArk Labs reports their findings after analyzing the attack.

Here’s what's covered:

Hacks and backdoors: an examination of the Codecov attack chain
Discovering the breach: how months could have been years
Cloud & DevOps: operational challenges and threats
Fragmented Security Architecture: Rise of the Shadow Admin
Supply Chain Attacks: The different types, ramifications and fallout
Taking the learnings: A discussion on mitigation strategies.

Ransomware Protection, a Gold-Medal Team Approach

If the cybersecurity industry was to adopt a motto, the Summer Games’ 2021 “Faster, Higher, Stronger — Toge...

How Healthcare Can Stay Ahead of Ransomware

Learn why healthcare needs an integrated identity security strategy to prevent ransomware attacks.

Up Your Security I.Q. by Checking Out Our Collection of Curated Resources.

The Anatomy of the Codecov Breach: A CyberArk Labs Webinar

Previous Article

Next Article

STAY IN TOUCH

The Anatomy of the Codecov Breach: A CyberArk Labs Webinar

Previous Article

Next Article

Recommended for You

Learn key differences between endpoint privilege security and management – and how CyberArk’s security-first approach helps organizations employ both, to protect against attacks.

Learn about the CyberArk 2023 Identity Security Threat Landscape Report.

Join CyberArk’s Andy Thompson as he shows how cookies and session IDs can be stolen with ease and how EPM can prevent this and emerging techniques.

Join our experts as we explore the critical role of least privilege in endpoint security and how to strengthen an organization’s security posture.

Learn how U.S. federal government agencies can defend against cyberattacks with least privilege and privilege threat protection on endpoints.

Join Accenture, Deloitte, PwC and KPMG on this panel during IMPACT 2023, CyberArk's annual customer and industry conference, around measure and deliver value with Identity Security.

Identity-led cybersecurity exposure is on the rise.

This guide explains how endpoint privilege security fills the security gaps in your organization that might render you vulnerable to threats.

Learn how policy-based role-specific least privilege delivers control over privileged actions on servers and how to reduce privilege risk with the QuickStart framework.

Watch Practical Least Privilege to learn about benefits of role-specific least privilege and how to stay on track for endpoint security.

AI Tool Use, Employee Churn and Economic Pressures Fuel the Identity Attack Surface

Protecting endpoints is more important than ever, as existing threats like ransomware continue to damage organizations and emerging threats like AI-driven attacks add to the problem. As attackers...

2023 Attack and Defend Virtual Series Session One

Key insights on how the CyberArk Blueprint for Identity Security can help you to mature your program.

This whitepaper explains the importance of CyberArk EPM use cases including removing local admin rights and reducing least privilege.

A buyer’s guide for finding an identity security platform to reduce risk and enable efficiency.

Identity Security enables Transformative organizations to outperform peers and improve business outcomes. Learn about the security and business benefits were possible with Identity Security.

The implementation of Zero Trust is a time-consuming process. Here we focus on the ‘How To’ of implementing Zero Trust and the associated lessons learned to date.

ISMG, Accenture, Cox Communications, and CyberArk discuss how to secure endpoints without sacrificing end-user experience and the differences between EDR and EPM and how they work together.

In 1999, a far-fetched movie about a dystopia run by intelligent machines captured our imaginations (and to this day, remains my favorite film). Twenty-four years later, the line between fact and...