Unknown attackers recently attempted to carry out a large-scale supply-chain attack by introducing malicious code into the official PHP Git repository. If the developers hadn’t noticed the backdoor in time, it could have ended up on many Web servers and led to the largest supply-chain attack in history.

What happened with PHP

The programmers who develop the PHP language make changes to the code using a common repository built on the Git version control system. After they implement their additions, the code goes through another review. During a routine check, a developer noticed a suspicious addition that was marked in the comments as a typo correction and added in the name of Nikita Popov, an active PHP developer. Closer examination revealed that it was a backdoor. Popov had authored no such change.

Further verification showed that another, similar addition had been uploaded to the repository, this time attributed to Rasmus Lerdorf. Vigilant programmers noticed within hours, so the upcoming PHP 8.1 update (with an anticipated release by the end of the year) will not include the backdoor.

Why the code change was dangerous

A backdoor in the repository could allow attackers to remotely run malicious code on a Web server using the compromised version of PHP. Despite some loss of popularity, PHP remains the most widely used scripting language for Web content, in use by about 80% of Web servers. Although not all administrators update their tools promptly, a fair number keep their servers up to date to comply with internal or external security regulations. If the backdoor had made it into the new version of PHP, it would most likely have spread across the Web servers of many companies.

How the attackers introduced the backdoor

Experts are certain the attack was the result of a vulnerability in the internal Git server, not an issue of compromised developer accounts. In fact, the risk of someone attributing a change to another user has been known for a long time, and after this incident, the PHP support team stopped using the git.php.net server and moved to the GitHub service repository (which was previously just a mirror).

How to stay safe

Development environments are attractive targets for cybercriminals. Once they’ve compromised the code of a software product that customers trust, they can reach multiple targets at once through a supply-chain attack. Millions of users around the world use the most popular projects, so protecting them from outside machinations is especially important.

  • Regularly double-check every code change, even ones supposedly made by eminent and trustworthy programmers;
  • Monitor the security of servers and services used for development;
  • Use specialized online platforms to train employees to detect modern cyberthreats.
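The attribution risk described above comes from the fact that Git stores the author name and e-mail as plain text supplied by whoever creates the commit; only a signature ties a commit to a person. The following is an added example, not code from the PHP project, that audits `git log` output and flags commits whose claimed author is not backed by a good signature from a key pinned to that author. The key map, fingerprints, addresses and sample log lines are constructed for illustration.

```python
import subprocess

# Fields per commit: hash, signature status (%G?), signing-key fingerprint (%GF),
# author e-mail (%ae), subject (%s), separated by tabs.
LOG_FORMAT = "%H%x09%G?%x09%GF%x09%ae%x09%s"

def audit(log_text, trusted_keys):
    """Flag commits whose claimed author is not backed by a good signature
    from a key pinned to that author. Returns (hash, email, reason) tuples."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        commit, status, fpr, email, _subject = line.split("\t", 4)
        if status == "N":
            reason = "unsigned: author field is unverified"
        elif status != "G":
            # B, E, X, Y, R and U (unknown validity) all fail a strict policy.
            reason = f"signature status {status} is not good"
        elif fpr not in trusted_keys.get(email.lower(), set()):
            reason = "signed by a key not pinned to this author"
        else:
            continue
        findings.append((commit, email, reason))
    return findings

def audit_repo(path, rev_range, trusted_keys):
    """Run the same audit against a real repository (requires git)."""
    out = subprocess.run(
        ["git", "-C", path, "log", f"--format={LOG_FORMAT}", rev_range],
        capture_output=True, text=True, check=True).stdout
    return audit(out, trusted_keys)

# Constructed sample data: hashes, fingerprints and addresses are made up.
TRUSTED = {"alice@example.org": {"AAAA1111"}, "bob@example.org": {"BBBB2222"}}
SAMPLE_LOG = "\n".join([
    "1" * 40 + "\tG\tAAAA1111\talice@example.org\tFix parser bug",
    "2" * 40 + "\tN\t\talice@example.org\tFix typo",
    "3" * 40 + "\tG\tCCCC3333\tbob@example.org\tFix typo",
    "4" * 40 + "\tE\t\tbob@example.org\tUpdate docs",
])

if __name__ == "__main__":
    for commit, email, reason in audit(SAMPLE_LOG, TRUSTED):
        print(commit[:12], email, reason)
```

Run against a real repository, `audit_repo` gives reviewers a list of commits to inspect by hand, however familiar the name in the author field.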

By admin