Github Supply Chain Attack

A significant software supply chain attack has been discovered in Github, and while the attack was prevented from spreading further, the ramifications of “supply chain” attacks are clear and intimidating.

Github is the most popular code repository used by over 83 million developers across the globe. Their repository allows developers to track and control the source code that they store in the repository. Its users represent the largest coding community in the world. 

 

What Is Github?

Github allows developers to collaborate on code repositories, so that other developers can contribute to code which is not their own, while giving the owner of the original code full control to accept or reject changes made by another member of the community.

It is common for developers to download code repositories and use the code in their own applications.

In a situation where a developer wants to significantly change the code of another developer, they use Github’s Clone function. This allows a developer to create an exact copy of someone else’s code – where the original version remains untouched under the management of its original author. It retains its existing interaction stats like views, contributions and followers, while the new cloned version is under new ownership with no interaction stats associated with it because it is essentially new code (albeit copied from something existing).

What Happened?

According to research from Check Point, a malicious actor cloned upwards of 35,000 Github repositories and kept them identical to the original source code, with the addition of malicious code. This malicious code was able to build a fingerprint – to collect details of the environment in which it is executed. The code could collect device identity, the identity of the user and possibly additional sensitive data.

More significantly this code included the ability to download additional malware from a third party site. This additional malware could further exploit any application or environment which was using this code which originated in the weaponized cloned repositories in Github.

The developers’ community identified the malicious implant within code that was downloaded from Github and immediately the community feared that source code from the original repositories had been infected by this malware. However, upon further research it became clear that the infected code was in fact Cloned code which had been downloaded from Github under the assumption that the developer was downloading the original non-malicious repository.

This has potentially catastrophic implications for the software supply chain where an unassuming developer mistakenly downloads a cloned code repository which includes malicious code, uses it for their own purposes and then unknowingly provides their users with code that includes malware.

How To Prevent Supply Chain Attacks

The practice of shifting security “left” and providing security teams with automated tools for DevOps to embed  security into their pipelines is not new, but adoption is slow. This attempt to attack innumerable environments and applications is a clear example of why supply chain security is critical.

CheckPoint recommends software developers use automated security tools to scan source code to ensure that all code is security centric, eliminating threats at the earliest phase.

Check Point

You Might Also Read: 

Improving The Security Of Open Source Software:

 

« Perimeter 81 / Zero Trust Network Access Guide
Cybersecurity Essentials For Cloud Environments »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Cyber Exchange

Cyber Exchange

Cyber Exchange provides a focal point for UK organisations connected with, or with an interest in, cyber security to connect, engage and collaborate.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

Melius Cyber Security

Melius Cyber Security

Melius Cyber Security has developed a world-leading SaaS platform, Cyber Safe Plus, built around continuous assessment and improvement through vulnerability scanning and penetration testing

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

AVANT Communications

AVANT Communications

AVANT is a premier distributor of next generation technologies with the resources and relationships needed to successfully navigate the ever-changing world of communications and IT infrastructure.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.