Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free TrialSupply Chain Risks in Art and Life ... Even 'The Simpsons'
In this episode, Matt touches on real-life software supply chain security cases such as the recent 3CX hack, and how popular media from past and present both imitates and forewarns this kind of threat.
Keep learning
• Related: The 3CX hack gets wilder
• Special: The Evolution of App Sec
• Special: The State of Supply Chain Security
Episode Transcript
MATT ROSE: Welcome back to another episode of ReversingGlass. I'm Matt Rose, Field CISO at ReversingLabs. Today's episode is three things all together. It's the 3CX software, supply chain breach, software supply chain security as a whole, and how life is imitating art, and art is imitating life.
Depends on which angle you look at it. So doing a little more research on 3CX and some more information that has come out in terms of what happened, how it happened. It reminded me of something... if you didn't hear that the hack is a compromise of the signature itself, but it was all propagated by an employee's laptop getting compromised by a nation state actor from North Korea.
Sounds like a movie plot to me. And you know what? It wasn't a movie plot, but something very similar was "The Americans," it was the same type of concept. I'm not sure if you watched The Americans, but it was Elizabeth and Philip embedded deep sleeper cell Russian spies during the Cold War. And many times during the show, it ran for multiple years.
They would compromise a phone system or a computer or something like that to gain access in their spying activities. It's now 2023 and life is imitating art. "The Americans" happened a little while ago, but now this 3CX hack sounds very similar to the plot line of a bunch of "The Americans" episodes.
So thought that was food for color. Just like to have a little fun with some analogies once in a while instead of being all serious all the time. Another example of software supply chain security that came out in kind of modern TV shows is a show that I know a ton of people really enjoy out there is "The Mandalorian," where one of the episodes in the latest season was robots or droids were being hacked by code that was basically controlling them. Again, this is much more recent than what happened with The Americans, but pop culture, movies, videos, all these type of things are really starting to focus in on the same type of aspects of software supply chain security are compromising droid's, robots, or even a laptop or, even a phone system if you're going back to "The Americans" shows.
So this stuff is real, and a lot of times you watch a great show and you think, oh, that was great, but that'll never happen in the real world. Guess what? It's happening. It's currently happening. It's a big deal. And then, the show that always likes to predict the future, as everybody knows is "The Simpsons."
Field CISO at ReversingLabs. Matt Rose has an extensive background in application security, object-oriented programming, multi-tier architecture design and implementation, and internet/intranet development. His areas of expertise include Application Security, SAST, DAST, IAST, SCA, DevSecOps, and Threat Modeling. Matt is an accomplished public speaker and has been quoted in 50+ AST industry media publications.
