GitHub: Why it's a Hotspot of Attackers & How to Stay Secure?

Okta disclosed a security breach last week in which its GitHub-hosted source code was accessed by an attacker. That is merely the most recent instance in a long line of attacks that have succeeded in reaching corporate source code on GitHub: the GitHub accounts of Dropbox, Gentoo Linux, and Microsoft have all been targeted before.

GitHub is the most popular source code management service for both private enterprise repositories and open source projects, with 90 million active users. It is a significant component of the world's basic infrastructure and the custodian of some of the most sensitive code and data. It makes sense that source code is becoming an increasingly popular target for attackers; in some cases, as with Okta, the source code itself is what they are after.

If an attacker has access to private source code, they can review it for security holes and then exploit those flaws in subsequent attacks. Attackers can also harvest hard-coded keys, passwords, and other credentials that may be stored in GitHub and use them to reach databases and cloud services hosted on Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). A single stolen repository can therefore yield intellectual property, valid login credentials, and a ready-made list of exploitable vulnerabilities in production software.
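The hard-coded credentials mentioned above are the easiest of these three prizes to keep out of a repository in the first place. The following scanner is an added example written for this post, not code from the original article or from GitHub: it checks source text for the publicly documented prefixes of AWS access key IDs and GitHub personal access tokens, for private key headers, and for generic `password = "..."` style assignments, using a Shannon entropy threshold to ignore placeholder values such as `changeme`. Every value in the embedded sample is a constructed fake, and the file path argument and exit-code convention are this example's own choices.

```python
"""Pre-commit style scan for hard-coded credentials in source text.

Added example (not code from the original post or from GitHub): it runs
over a constructed sample, or over any file passed on the command line.
Token formats are the publicly documented prefixes; the sample values
below are fakes built for this example.
"""
import math
import re
import sys
from dataclasses import dataclass

# Specific, well-known credential formats first; the generic
# "<keyword> = '<value>'" pattern last, used only as a fallback.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("generic_assignment", re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    sample: str  # redacted preview; the scanner never echoes a full secret


def shannon_entropy(value):
    """Bits per character; random-looking secrets score high, dictionary words low."""
    if not value:
        return 0.0
    n = len(value)
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Keep just enough of the value to locate it in the file."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text, entropy_threshold=3.5):
    """Return one Finding per credential-looking match, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hit_on_line = False
        for kind, pattern in PATTERNS:
            if kind == "generic_assignment" and hit_on_line:
                break  # a specific format already explained this line
            for m in pattern.finditer(line):
                value = m.group(2) if kind == "generic_assignment" else m.group(0)
                # Low-entropy values such as "changeme" are usually placeholders;
                # skipping them keeps the check quiet enough to use as a commit gate.
                if kind == "generic_assignment" and shannon_entropy(value) < entropy_threshold:
                    continue
                findings.append(Finding(line_no, kind, redact(value)))
                hit_on_line = True
    return findings


# Constructed sample input; none of these values is a real credential.
SAMPLE = """\
# settings.py (constructed sample; every value below is fake)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "xK9#pL2$vQ7!mN4z"
ADMIN_PASSWORD = "changeme"
GITHUB_TOKEN = "ghp_0123456789abcdef0123456789abcdef0123"
DEBUG = True
"""


def main(argv):
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE
    findings = scan_text(text)
    for f in findings:
        print(f"line {f.line_no}: {f.kind} ({f.sample})")
    return 1 if findings else 0  # non-zero exit blocks the commit when used as a hook


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments to see the three findings on the sample (the `changeme` line is deliberately ignored), or point it at a file from a pre-commit hook so that a non-zero exit stops the commit. The entropy threshold is a trade-off: raising it reduces noise from placeholders, lowering it catches weaker passwords at the cost of more false positives.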

The hacking group ShinyHunters, which is known for targeting private GitHub repositories in particular, has used exactly this approach to compromise a number of businesses and sell their data on several dark web marketplaces.

GitHub is without a doubt an essential component of an organization's infrastructure, but securing it is a hard identity security problem. Unrestricted collaboration is one of the GitHub model's greatest strengths, but it also presents one of the largest challenges to contemporary IT security.

Consider this: by 2022, everyone who is even vaguely technical has a GitHub account, and that one account does everything. It lets us work on personal side projects, contribute to open source projects, and push to the public and private repositories that are ultimately owned by our employers. That is a lot of work for a single identity!

The "Sign in with GitHub" function also lets you use your GitHub identity on websites and services beyond GitHub itself. What makes GitHub distinctive is that the same identity also authorizes git operations over HTTPS and SSH, that is, cloning, fetching, and pushing code between GitHub's servers and your local machine. Other services only require you to sign in to their websites.

When GitHub announced the deprecation of usernames and passwords for git operations last year, it was clear that it was aware of these security concerns. This was a positive step.

Tips for Securing Your GitHub

While GitHub offers tools to secure the environment, businesses must understand how to employ them. Unfortunately, GitHub Enterprise is necessary for some of the most crucial security features. Nonetheless, it's crucial to take measures like:
  • Don't allow personal accounts for work
  • Don't allow outside collaborators
  • Require authentication via company SSO
  • Require 2FA on all accounts
  • Audit, analyze, and audit again
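Three of the five items above (2FA, outside collaborators, and SSO linkage) can be checked from the organization's own data, and the last item means doing so on a schedule. The script below is an added example, not code from the original post or from GitHub. It uses two documented REST endpoints that require an organization-owner token, `GET /orgs/{org}/members?filter=2fa_disabled` and `GET /orgs/{org}/outside_collaborators`; the set of logins linked to the company's SSO identity provider is assumed to be supplied separately (for example exported from the organization's SAML settings), the `GH_ORG`, `GH_TOKEN` and `GH_SSO_LINKED` environment variable names are this example's own, and the sample data is constructed so the audit logic runs offline.

```python
"""Audit a GitHub organization against the checklist above.

Added example, not code from the original post or from GitHub.
The two REST endpoints are documented ones that need an org-owner
token: GET /orgs/{org}/members?filter=2fa_disabled and
GET /orgs/{org}/outside_collaborators. Which logins are linked to the
company SSO identity provider is assumed to be supplied separately
(for example from the org's SAML settings); the sample data is constructed.
"""
import json
import os
import sys
import urllib.request

API = "https://api.github.com"


def fetch_json(path, token):
    """GET one page (up to 100 items) from the GitHub REST API."""
    sep = "&" if "?" in path else "?"
    req = urllib.request.Request(
        f"{API}{path}{sep}per_page=100",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit_org(members, members_without_2fa, outside_collaborators, sso_linked_logins):
    """Map each checklist item to the sorted logins that violate it.

    members                -- objects from GET /orgs/{org}/members
    members_without_2fa    -- same endpoint with ?filter=2fa_disabled
    outside_collaborators  -- objects from GET /orgs/{org}/outside_collaborators
    sso_linked_logins      -- logins linked to the company IdP (assumed input)
    """
    all_logins = {m["login"] for m in members}
    return {
        "no_2fa": sorted(m["login"] for m in members_without_2fa),
        "outside_collaborators": sorted(c["login"] for c in outside_collaborators),
        # A member with no SSO link is signing in with an unmanaged, most likely
        # personal, account: the closest API-visible proxy for "personal account
        # used for work".
        "not_linked_to_sso": sorted(all_logins - set(sso_linked_logins)),
    }


def is_clean(report):
    """True when every checklist category is empty."""
    return not any(report.values())


# Constructed sample data shaped like the API responses (not real accounts).
SAMPLE_MEMBERS = [{"login": "alice"}, {"login": "bob"}, {"login": "carol"}]
SAMPLE_NO_2FA = [{"login": "bob"}]
SAMPLE_OUTSIDE = [{"login": "contractor-dave"}]
SAMPLE_SSO_LINKED = {"alice", "bob"}


def main():
    org, token = os.environ.get("GH_ORG"), os.environ.get("GH_TOKEN")
    if org and token:  # live mode; these environment variable names are this example's own
        members = fetch_json(f"/orgs/{org}/members", token)
        no_2fa = fetch_json(f"/orgs/{org}/members?filter=2fa_disabled", token)
        outside = fetch_json(f"/orgs/{org}/outside_collaborators", token)
        sso = {s for s in os.environ.get("GH_SSO_LINKED", "").split(",") if s}
    else:  # offline mode on the constructed sample
        members, no_2fa, outside, sso = (
            SAMPLE_MEMBERS, SAMPLE_NO_2FA, SAMPLE_OUTSIDE, SAMPLE_SSO_LINKED)
    report = audit_org(members, no_2fa, outside, sso)
    print(json.dumps(report, indent=2))
    return 0 if is_clean(report) else 1  # non-zero exit fails a scheduled job


if __name__ == "__main__":
    sys.exit(main())
```

On the sample this reports `bob` without 2FA, `contractor-dave` as an outside collaborator, and `carol` as a member not linked to SSO, and exits non-zero. Organizations with more than 100 members or collaborators need to follow the API's pagination (the `Link` response header) rather than the single page fetched here; running the script from a scheduled job and alerting on a non-zero exit is the "audit again" part of the checklist.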

Although not the first instance, the hack of Okta's GitHub repository is a potent illustration of how difficult it is to safeguard identities within businesses. We witness account takeover incidents involving employees and contractors on a daily basis. Weak authentication, lenient rules for personal email accounts, and the constant expansion of the identity attack surface all contribute.