February 24, 2021

Companies Keep Learning a Hard Lesson: The CD Projekt Red Hack

Don Mills

A few months ago, I posted an article about what DevOps and Security teams could learn from the SolarWinds hack. And now I'm back with another high-profile attack on a company that had their DevOps infrastructure exploited.

Earlier this month, the game development company CD Projekt Red announced they were hit with a targeted cyber-attack. The attackers broke into their internal infrastructure, exfiltrated data, and left behind ransomware that encrypted their entire storage, demanding money in return. Luckily, CD Projekt Red immediately refused to pay the ransom and began recovery efforts.

We can learn a lot from this story, but I want to focus on two main points. The first is just some good ole fashioned common sense and the second has implications for DevOps security.

A win and a warning

  1. They had good, current backups. A peer of one of our customers recently told them that they should have cyber insurance "in case of ransomware." I explained to the customer that reliable and frequent backups are a form of ransomware insurance, and perhaps the best kind. It's all good to get paid after the fact, but if you can just recover and move on like CD Projekt Red did, even better.
  2. The attackers identified and targeted the company's source control/storage system. Boom. Right there. In the note. The attackers said: "We have dumped FULL copies of your source codes from the Perforce server for {list of all their most valuable intellectual property}." Perforce, for those not aware, makes DevOps tooling, including version control systems for source code. So the attackers also stole years of the company's work and future revenue stream in one swift go. Not to mention that potential exploits could be discovered in the source code, which could put an entire install base at risk...

This case, and the rising number of related cases, demonstrates once again that the security of your DevOps pipeline and tooling is as essential to your company as the products those pipelines produce. An attack on that tooling can be an instant crippling blow or a persistent growing threat that hides for months.

Don't let your company become another name in the headlines

At SingleStone, we specialize in DevOps security. Let us show you how to get (and keep) the assurance that your DevOps tools not only help you perform better and faster but also protect your most important assets.

Contributors

Don Mills

Chief Security Architect
Alumni