Securing the Internet, Open Source and Other Easter Stories : CVE-2024-3094

Dear listers,
Once in a while, we are reminded of how fragile the internet is, and how
much more fragile securing it is.
Someone, or a team, managed to add a backdoor to software that is used by
approximately 80% of the internet. The backdoor would have allowed
unauthorized remote access to any affected system. It was detected by
sheer luck and is being tracked as CVE-2024-3094; see attached.

This attack is suspected to be the work of a nation-state actor and might
have started in 2022. It shows the threat posed by supply-chain attacks and
by reliance on open-source software. It also highlights the challenges
involved in maintaining open-source software and how a malicious threat
actor can exploit these challenges to their advantage.
Organizations should invest in processes and tools that maintain a software
bill of materials (SBOM). This ensures that attacks like this can be
detected faster and improves the organization's mean time to detect (MTTD).
Security is a layered approach: even though CVE-2024-3094 would have gone
unnoticed, a reduced attack surface would have reduced the likelihood of
the threat being realized.
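Added example (not part of the mail, and not tooling from any project it mentions): a minimal check that matches a CycloneDX-style SBOM against advisory records, the kind of automated step that turns a maintained SBOM into a shorter MTTD. The SBOM document, the component name and the version range are constructed placeholders; the real affected versions for CVE-2024-3094 come from the vendor or NVD advisory, not from this code.

```python
"""Match a CycloneDX-style SBOM against advisory records.

Added example, not from the original mail.  Everything below is constructed
inline so it runs offline; the component name and version range are
placeholders, not the real CVE-2024-3094 data.
"""
import json
import re

# Constructed advisory records.  Placeholder component and range: substitute
# the affected versions published in the vendor or NVD advisory.
ADVISORIES = [
    {
        "id": "CVE-2024-3094",
        "component": "PLACEHOLDER-compression-lib",
        "range": ">=9.9.0,<9.9.2",  # placeholder version range
    },
]

# Constructed CycloneDX-style SBOM.  A real one comes from the build
# pipeline and is much larger; the shape of "components" is what matters.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "PLACEHOLDER-compression-lib",
         "version": "9.9.1",
         "purl": "pkg:generic/PLACEHOLDER-compression-lib@9.9.1"},
        {"type": "library", "name": "PLACEHOLDER-compression-lib",
         "version": "9.8.7",
         "purl": "pkg:generic/PLACEHOLDER-compression-lib@9.8.7"},
        {"type": "library", "name": "PLACEHOLDER-compression-lib",
         "version": "9.9.1-rc1",  # deliberately unparseable: must be surfaced
         "purl": "pkg:generic/PLACEHOLDER-compression-lib@9.9.1-rc1"},
        {"type": "library", "name": "other-lib", "version": "9.9.1",
         "purl": "pkg:generic/other-lib@9.9.1"},
    ],
})

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")
_CLAUSE_RE = re.compile(r"^(>=|<=|==|>|<)\s*(.+)$")
_OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
}


def parse_version(text):
    """Turn '9.9.1' into (9, 9, 1), dropping trailing zeros so '9.9.0'
    equals '9.9'.  Anything that is not dotted integers raises, so it is
    reported for review rather than silently treated as unaffected."""
    if not _VERSION_RE.match(text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_in_range(version, range_spec):
    """True when `version` satisfies every comma-separated constraint in
    `range_spec`, e.g. '>=9.9.0,<9.9.2'."""
    v = parse_version(version)
    for clause in range_spec.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"bad constraint: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def find_affected(sbom_json, advisories=ADVISORIES):
    """Return {'affected': [...], 'unparsed': [...]}: one record per
    component/advisory match, plus components whose version could not be
    compared and therefore need a human look."""
    sbom = json.loads(sbom_json)
    report = {"affected": [], "unparsed": []}
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version", "")
        for adv in advisories:
            if name != adv["component"]:
                continue
            try:
                hit = version_in_range(version, adv["range"])
            except ValueError:
                report["unparsed"].append(
                    {"advisory": adv["id"], "component": name, "version": version})
                continue
            if hit:
                report["affected"].append(
                    {"advisory": adv["id"], "component": name,
                     "version": version, "purl": comp.get("purl")})
    return report


if __name__ == "__main__":
    result = find_affected(SAMPLE_SBOM)
    for item in result["affected"]:
        print(f"{item['advisory']}: {item['purl']}")
    for item in result["unparsed"]:
        print("needs review:", item)
```

The point of the separate "unparsed" list is that an SBOM check which quietly skips versions it cannot compare gives false assurance; the component with the pre-release suffix is reported rather than dropped. In practice this runs in CI against the SBOM produced at build time, and the advisory list is pulled from a feed rather than hard-coded.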