
What GitHub’s security breach says about IT vulnerabilities

At the heart of the attack is phishing and this is one of the most common entry attacks.

Computer systems are vulnerable to cyberattack. — Image © Tim Sandle

Threat actors are impersonating GitHub’s security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos.

This is not the first abuse of developer trust on the platform: a research team at Checkmarx had earlier found that attackers fabricated commit messages so that malicious changes appeared to have been contributed by the real Dependabot.

At the heart of the attack is phishing, one of the most common initial-access techniques. This carries implications for the business community, according to Jason Kent, Hacker in Residence at Cequence Security.

Kent poses the following dilemma: “When a person or organization utilizes a 3rd party to store their code repositories they need to have a disruption plan in place. If there was nothing nefarious going on, the 3rd party could have a disruption. Or, like when the DynDNS DDoS happened, they might just go offline. But what if something nefarious happens?”

Expanding on this scenario, Kent continues: “Many organizations require a Software Escrow in the event that a system they have purchased is suddenly no longer supported and keeping the systems alive is a priority. However, most organizations that use GitHub consider their software safe because GitHub keeps them safe.”

Moreover, Kent offers: “It is entirely possible that a disgruntled employee could destroy the code repo, or even a simple mistake might take large portions of it out of the system. This could cause a huge problem. That’s why these phishing attempts, and their successes, are a major issue for the victims.”

Returning to the issue at hand, Kent indicates: “GitHub is supposed to be a way for people to easily store, share and collaborate on software code. Some of the features are things like communication channels in the repo to make comments.”

As to the consequences, Kent finds: “Utilizing this, an attacker can comment that they are from GitHub and are trying to help. ‘Install this new security authentication service’ or ‘utilize these new systems for better productivity’ are messages that feel like they are making things better. However, victims that install those new services are finding their repo empty except for an extortion letter.”

In terms of the best responses, Kent suggests: “What should you do if you are a GitHub user? Make sure you know the application you are hooking into your repo is legit. How do you know that? Assume all contact is phishing and verify the source.”

Kent further recommends: “Also, before you do any of this, ask on GitHub’s forums if this OAuth service is legitimate and has been used successfully. Have a backup strategy that doesn’t include GitHub. Be able to recover if the entire service goes down and you will be ready in the event someone deletes your repo.”
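Kent’s advice to “assume all contact is phishing and verify the source” can be partly automated for the comment-based lure described above. The script below is an added example written for this article; it is not code from Digital Journal, Cequence Security, Checkmarx or GitHub. It triages the text of a repository comment for three signals: an author login that mimics GitHub staff, wording that matches the “install this new security service” hook, and links that are either lookalike domains or GitHub OAuth authorize URLs requesting scopes (such as `repo` or `delete_repo`) that would let a third-party app empty a repository. The sample comments are constructed, and the lookalike regex, lure phrases and scoring thresholds are the example’s own assumptions rather than anything GitHub publishes.

```python
"""Triage a GitHub issue/PR comment for the OAuth-app phishing pattern.

Added example, not code from the article or from any vendor it cites.
Sample comments are constructed; the heuristics below are assumptions.
"""
import re
from urllib.parse import parse_qs, urlparse

# Hosts GitHub itself uses for official communication (assumption: treat
# these and any *.github.com subdomain as official, everything else as not).
OFFICIAL_GITHUB_HOSTS = {"github.com", "www.github.com", "github.blog"}

# Real GitHub OAuth scopes that allow rewriting or deleting repository content.
DESTRUCTIVE_SCOPES = {"repo", "delete_repo", "admin:org", "admin:repo_hook", "workflow"}

# Wording taken from the lure quoted in the article, plus a few variants (assumed).
LURE_PHRASES = (
    "github security",
    "github recruit",
    "security authentication service",
    "install this new",
    "better productivity",
)

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")
# Catches github, glthub, g1thub, githob ... after hyphens/underscores are removed.
LOOKALIKE_RE = re.compile(r"g[il1]th[uo]b")


def is_official_github_host(host: str) -> bool:
    host = host.lower()
    return host in OFFICIAL_GITHUB_HOSTS or host.endswith(".github.com")


def oauth_scopes(url: str) -> set[str]:
    """Scopes requested by a GitHub OAuth authorize link; empty set otherwise."""
    u = urlparse(url)
    if u.netloc.lower() != "github.com" or u.path != "/login/oauth/authorize":
        return set()
    raw = parse_qs(u.query).get("scope", [""])[0]
    return {s for s in re.split(r"[,\s]+", raw) if s}


def analyze_comment(author: str, body: str) -> dict:
    """Return a verdict (allow / review / block) and the findings behind it."""
    findings = []
    text = body.lower()

    if LOOKALIKE_RE.search(author.lower().replace("-", "").replace("_", "")):
        findings.append(("author_impersonates_github", author))

    for phrase in LURE_PHRASES:
        if phrase in text:
            findings.append(("lure_phrase", phrase))

    for url in URL_RE.findall(body):
        host = urlparse(url).netloc.lower()
        dangerous = oauth_scopes(url) & DESTRUCTIVE_SCOPES
        if dangerous:
            findings.append(("oauth_destructive_scopes", ",".join(sorted(dangerous))))
        if not is_official_github_host(host) and LOOKALIKE_RE.search(host.replace("-", "")):
            findings.append(("lookalike_domain", host))

    kinds = {kind for kind, _ in findings}
    if "oauth_destructive_scopes" in kinds or "lookalike_domain" in kinds:
        verdict = "block"          # a link that can hand over or redirect the repo
    elif len(kinds) >= 2:
        verdict = "review"         # impersonating author plus lure wording, no link yet
    else:
        verdict = "allow"
    return {"verdict": verdict, "findings": findings}


# Constructed samples (EXAMPLE_CLIENT_ID and the .example hosts are placeholders).
PHISH_COMMENT = (
    "Hello from the GitHub Security Team. Suspicious activity was detected on this "
    "repository. Install this new security authentication service to stay protected: "
    "https://github.com/login/oauth/authorize?client_id=EXAMPLE_CLIENT_ID"
    "&scope=repo,delete_repo&redirect_uri=https://github-security-alerts.example"
    " or verify at https://glthub-security.example/verify"
)
BORDERLINE_COMMENT = "This is GitHub Security. Please reply with your recovery codes."
BENIGN_COMMENT = "Thanks! Fixed in #42. Docs for the workflow syntax: https://docs.github.com/en/actions"

if __name__ == "__main__":
    for author, body in (("github-security-team", PHISH_COMMENT),
                         ("github-staff-helper", BORDERLINE_COMMENT),
                         ("octocat", BENIGN_COMMENT)):
        print(author, analyze_comment(author, body))
```

Run it against comments pulled from an organization’s issues and pull requests (for instance via the `gh api` CLI) and route anything scored `block` or `review` to a human before anyone clicks. The scope check is the part worth keeping even if the phrase list is tuned away: a legitimate “security service” has no reason to ask for `delete_repo`.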

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
