Created in 2008, GitHub has recorded massive growth amongst developers and companies for its hosting, sharing and software code capabilities. These are available in both open source and proprietary codemaking it very popular with more than 100 million code repositories currently on the platform.
Sadly, this also means that GitHub is a very attractive target for cybercriminals who have used the platform’s popularity as as a basis for several attack types, including ranoms, backdoor attacks and code injection campaigns. GitHub Actions is a feature of GitHub that allows a CI/CD workflow pipeline for software delivery into production. It is one of the main infrastructures in GitHub that automates software workflow. In a recent exploit, experts at Google Project Zero discovered a design vulnerability in GitHub Actions. This vulnerability could allow a hacker write access to a repository, meaning that they could reveal encrypted secrets. One of the experts, Felix Wilhelm, was able to show the vulnerability using Microsoft’s Visual Studio Code GitHub repository, where he could inject code which was then shared with the project’s new issue workflow.
The flaws in Actions allow ways for cybercriminals to exploit the GitHub database network. Recently code injection flaws and vulnerabilities in GitHub Actions allowed crypto-criminals to conduct bit mining malware. The attacks have been registering since late last year. The attack targets repositories using Actions, the automatic execution of software workflows feature to place malicious code into a software workflow. The process leveraged by the hackers is smooth slick: the malicious GitHub Actions code is first forked from original workflows, but then a Pull Request merges the code back, in tandem with the crypto miner code. The key to the attack uses GitHub’s infrastructure to share malware and mine cryptocurrency on GitHub’s servers. The flaw in Actions means that the attack does not need the repository owner to give permission for the Pull Request: The crypto-miner code, misnamed as npm.exe. is hosted on GitHub. The whole attack is expertly devised using a mechanism that has, so far, made a mockery of the critical infrastructure of GitHub.
The worry in relation to this recent crypto mining attack on GitHub repositories, is that the hacker, yet again, leveraging inherent infrastructure of a network. Any weakness in the corporate structure can be targeted. Bolstering the security of these infrastructure hatches is crucial to stopping cyber-attacks. Source code is a critical system and GitHub a critical infrastructure. Firms and vendors using GitHub should ensure they use best security practices. But even groups not using GitHub as a source code repository may well be receiving source code hosted via GitHub. To address this cybersecurity best practices must be implemented. People, processes, and technology are the some of the tje cyber best practices, but adding in awareness of possible infrastructure hacks is vital to keeping your business protected.
Some of the steps that you need to implement include:
- Stopping employees from visiting dangerous URLs or installing malicious software/files
- Preventing staff from accessing infected web portals
- Implementing GitHub security best steps when using the infrastructure to host source code
- Training staff to ensure they are conscious of security tricks and tactics
Preventing these attacks is possible with WebTitan Cloud DNS filter. It will tackle malware, phishing, viruses, ransomware & malicious sites.