<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">

Supply Chain Risks in Art and Life ... Even 'The Simpsons'

May 4, 2023

In this episode, Matt touches on real-life software supply chain security cases such as the recent 3CX hack, and how popular media from past and present both imitates and forewarns this kind of threat.

Keep learning
Related: The 3CX hack gets wilder
• Special: The Evolution of App Sec
• Special: The State of Supply Chain Security

Episode Transcript

MATT ROSE: Welcome back to another episode of ReversingGlass. I'm Matt Rose, Field CISO at ReversingLabs. Today's episode is three things all together. It's the 3CX software, supply chain breach, software supply chain security as a whole, and how life is imitating art, and art is imitating life.

Depends on which angle you look at it. So doing a little more research on 3CX and some more information that has come out in terms of what happened, how it happened. It reminded me of something... if you didn't hear that the hack is a compromise of the signature itself, but it was all propagated by an employee's laptop getting compromised by a nation state actor from North Korea.

Sounds like a movie plot to me. And you know what? It wasn't a movie plot, but something very similar was "The Americans," it was the same type of concept. I'm not sure if you watched The Americans, but it was Elizabeth and Philip embedded deep sleeper cell Russian spies during the Cold War. And many times during the show, it ran for multiple years.

They would compromise a phone system or a computer or something like that to gain access in their spying activities. It's now 2023 and life is imitating art. "The Americans" happened a little while ago, but now this 3CX hack sounds very similar to the plot line of a bunch of "The Americans" episodes.

So thought that was food for color. Just like to have a little fun with some analogies once in a while instead of being all serious all the time. Another example of software supply chain security that came out in kind of modern TV shows is a show that I know a ton of people really enjoy out there is "The Mandalorian," where one of the episodes in the latest season was robots or droids were being hacked by code that was basically controlling them. Again, this is much more recent than what happened with The Americans, but pop culture, movies, videos, all these type of things are really starting to focus in on the same type of aspects of software supply chain security are compromising droid's, robots, or even a laptop or, even a phone system if you're going back to "The Americans" shows.

So this stuff is real, and a lot of times you watch a great show and you think, oh, that was great, but that'll never happen in the real world. Guess what? It's happening. It's currently happening. It's a big deal. And then, the show that always likes to predict the future, as everybody knows is "The Simpsons."

And this is going way back to the early seasons of "The Simpsons," but I'll leave it at this episode. I really feel, or this episode or this skit is really interesting in that it is pretty much spot on for recent software supply chain risk. So I'll just play it. You've probably seen it, but Mr. Burns going through all the security, but the back door is open.

So I love this video, you've probably seen it, but I think it's applicable with "The Mandalorian" episode with "The Americans" as a TV show, 3CX software supply chain security is being reflected in life. You better get on board or you gonna miss the boat. So let you finish watching the episode. 

The best security is only as good as its weakest link. Thank you everybody for another awesome episode of ReversingGlass. Again, a little more fun with this one. Just wanted to give some analogies, some food for thought about how these software supply chain risks are real world and even being mimicked in the press, in the past or in the current future.

I'm Matt Rose, Field CISO. Hopefully you enjoyed the episode. Have a great day.

Matt Rose

About Author: Matt Rose

Field CISO at ReversingLabs. Matt Rose has an extensive background in application security, object-oriented programming, multi-tier architecture design and implementation, and internet/intranet development. His areas of expertise include Application Security, SAST, DAST, IAST, SCA, DevSecOps, and Threat Modeling. Matt is an accomplished public speaker and has been quoted in 50+ AST industry media publications.

Related episodes

ReversingGlass

RG: Tampering

ReversingGlass

Development Secrets

Artificial Intelligence (AI)/Machine Learning (ML)

ReversingGlass: EO on AI: What security teams need to know

ReversingGlass

Shift Up Your SBOM

ReversingGlass

Who is ReversingLabs?

Artificial Intelligence (AI)/Machine Learning (ML)

AI and Software Supply Chain Security: Proceed with Caution

ReversingGlass

What the heck is an SBOM?

ReversingGlass

What is ReversingGlass?

Subscribe

Sign up now to receive the latest weekly
news from ReversingLabs

Get Started
Request a DEMO

Learn more about how ReversingLabs can help your company reduce attack surface risks with deep software and file threat analysis to speed release and response. 

REQUEST A DEMO