Github Supply Chain Attack

Uploaded on 2022-08-04 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

A significant software supply chain attack has been discovered in Github, and while the attack was prevented from spreading further, the ramifications of “supply chain” attacks are clear and intimidating.

Github is the most popular code repository used by over 83 million developers across the globe. Their repository allows developers to track and control the source code that they store in the repository. Its users represent the largest coding community in the world. 

 

What Is Github?

Github allows developers to collaborate on code repositories, so that other developers can contribute to code which is not their own, while giving the owner of the original code full control to accept or reject changes made by another member of the community.

It is common for developers to download code repositories and use the code in their own applications.

In a situation where a developer wants to significantly change the code of another developer, they use Github’s Clone function. This allows a developer to create an exact copy of someone else’s code – where the original version remains untouched under the management of its original author. It retains its existing interaction stats like views, contributions and followers, while the new cloned version is under new ownership with no interaction stats associated with it because it is essentially new code (albeit copied from something existing).

What Happened?

According to research from Check Point, a malicious actor cloned upwards of 35,000 Github repositories and kept them identical to the original source code, with the addition of malicious code. This malicious code was able to build a fingerprint – to collect details of the environment in which it is executed. The code could collect device identity, the identity of the user and possibly additional sensitive data.

More significantly this code included the ability to download additional malware from a third party site. This additional malware could further exploit any application or environment which was using this code which originated in the weaponized cloned repositories in Github.

The developers’ community identified the malicious implant within code that was downloaded from Github and immediately the community feared that source code from the original repositories had been infected by this malware. However, upon further research it became clear that the infected code was in fact Cloned code which had been downloaded from Github under the assumption that the developer was downloading the original non-malicious repository.

This has potentially catastrophic implications for the software supply chain where an unassuming developer mistakenly downloads a cloned code repository which includes malicious code, uses it for their own purposes and then unknowingly provides their users with code that includes malware.

How To Prevent Supply Chain Attacks

The practice of shifting security “left” and providing security teams with automated tools for DevOps to embed  security into their pipelines is not new, but adoption is slow. This attempt to attack innumerable environments and applications is a clear example of why supply chain security is critical.

CheckPoint recommends software developers use automated security tools to scan source code to ensure that all code is security centric, eliminating threats at the earliest phase.

Check Point

You Might Also Read: 

Improving The Security Of Open Source Software:

 

« Perimeter 81 / Zero Trust Network Access Guide
Cybersecurity Essentials For Cloud Environments »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CloudSigma

CloudSigma

CloudSigma, a pure-cloud IaaS provider offers flexible and innovative cloud hosting solutions for companies of all sizes both in Europe and the US.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

ThirdWatch

ThirdWatch

ThirdWatch is a Data Science company with real-time automated fraud prevention solutions.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

CounterFind

CounterFind

CounterFind is turnkey technology that allows brands to find and remove counterfeit and infringing merchandise from online marketplaces and social media sites.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution