In this episode, Matt touches on real-life software supply chain security cases such as the recent 3CX hack, and how popular media from past and present both imitates and forewarns this kind of threat.

Keep learning
• Related: The 3CX hack gets wilder
• Special: The Evolution of App Sec
• Special: The State of Supply Chain Security

Episode Transcript

MATT ROSE: Welcome back to another episode of ReversingGlass. I'm Matt Rose, Field CISO at ReversingLabs. Today's episode is three things all together. It's the 3CX software, supply chain breach, software supply chain security as a whole, and how life is imitating art, and art is imitating life.

Depends on which angle you look at it. So doing a little more research on 3CX and some more information that has come out in terms of what happened, how it happened. It reminded me of something... if you didn't hear that the hack is a compromise of the signature itself, but it was all propagated by an employee's laptop getting compromised by a nation state actor from North Korea.

Sounds like a movie plot to me. And you know what? It wasn't a movie plot, but something very similar was "The Americans," it was the same type of concept. I'm not sure if you watched The Americans, but it was Elizabeth and Philip embedded deep sleeper cell Russian spies during the Cold War. And many times during the show, it ran for multiple years.

They would compromise a phone system or a computer or something like that to gain access in their spying activities. It's now 2023 and life is imitating art. "The Americans" happened a little while ago, but now this 3CX hack sounds very similar to the plot line of a bunch of "The Americans" episodes.

So thought that was food for color. Just like to have a little fun with some analogies once in a while instead of being all serious all the time. Another example of software supply chain security that came out in kind of modern TV shows is a show that I know a ton of people really enjoy out there is "The Mandalorian," where one of the episodes in the latest season was robots or droids were being hacked by code that was basically controlling them. Again, this is much more recent than what happened with The Americans, but pop culture, movies, videos, all these type of things are really starting to focus in on the same type of aspects of software supply chain security are compromising droid's, robots, or even a laptop or, even a phone system if you're going back to "The Americans" shows.

So this stuff is real, and a lot of times you watch a great show and you think, oh, that was great, but that'll never happen in the real world. Guess what? It's happening. It's currently happening. It's a big deal. And then, the show that always likes to predict the future, as everybody knows is "The Simpsons."

And this is going way back to the early seasons of "The Simpsons," but I'll leave it at this episode. I really feel, or this episode or this skit is really interesting in that it is pretty much spot on for recent software supply chain risk. So I'll just play it. You've probably seen it, but Mr. Burns going through all the security, but the back door is open.

So I love this video, you've probably seen it, but I think it's applicable with "The Mandalorian" episode with "The Americans" as a TV show, 3CX software supply chain security is being reflected in life. You better get on board or you gonna miss the boat. So let you finish watching the episode. 

The best security is only as good as its weakest link. Thank you everybody for another awesome episode of ReversingGlass. Again, a little more fun with this one. Just wanted to give some analogies, some food for thought about how these software supply chain risks are real world and even being mimicked in the press, in the past or in the current future.

I'm Matt Rose, Field CISO. Hopefully you enjoyed the episode. Have a great day.