Hackers use GitHub to access and manipulate source code repositories.
GitHub hosts open-source projects, and unauthorized access allows hackers to inject malicious code, steal sensitive information, and exploit vulnerabilities in software development pipelines.
Cybersecurity researchers at Recorded Future recently discovered that APT hackers actively exploit the GitHub platform to deliver malware payloads.
Over 94 million people use GitHub for coding collaboration as it helps store, manage, and track code changes, supporting collaborative development with tools for hosting, version control, issue tracking, and code review.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
Threat actors are now actively exploiting the platform for several illicit purposes, using its freely accessible API to evade detection and gain other advantages in network traffic.
Payload delivery has dominated, and has been observed for years in use by the following cybercriminal and state-sponsored groups:
Netskope notes GitHub's 7.6% share in cloud-based malware downloads in 2022, and the abuse scenarios involve staging and infection-focused methods.
Threat actors take advantage of the GitHub platform through repository poisoning, creating fake repositories, and other methods.
According to the report, GitHub is also exploited for dead drop resolving (DDR), like other data access platforms.
Users share URLs, domains, or IP addresses, sometimes inside encrypted files; this content poses minimal immediate risk because the platform has difficulty determining malicious intent without context.
GitHub can serve as an exfiltration proxy, but this is less frequent than other schemes.
GitHub Pages is also abused by threat actors for phishing or traffic redirection, which gives phishing pages longer operational periods.
With 77% of developers using it, GitHub is one of the most popular platforms, surpassing GitLab and BitBucket.
The cybersecurity researchers provided the following recommendations:
Versatile services, seamless integration in corporate settings, and cost efficiency are the key features of GitHub.
Abuse of GitHub code repositories is common, but it lacks the industry reporting needed for trend analysis.
Despite challenges, these specific features remain attractive to threat actors.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 15 Jan 2024 10:25:14 +0000