Hackers Hide Remcos RAT in GitHub Repository Comments

October 9, 2024 at 05:06PM

GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign that uses legitimate GitHub repositories and a GitLab vulnerability that allows unauthorized access to user accounts. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools.

### Meeting Takeaways:

1. **Increased Malicious Activities on GitHub and GitLab**:
– Both platforms are facing rising threats, including malware distribution and exploitation of vulnerabilities.

2. **Malware Distribution via GitHub**:
– A phishing campaign targets individuals in the insurance and finance sectors, directing them to malware hosted on reputable GitHub repositories.
– Attackers are using tax-themed emails to link to malicious archives containing the Remcos remote access Trojan (RAT) concealed within trusted GitHub repositories such as those belonging to UK and New Zealand tax authorities.

3. **Exploitation of GitHub Comments**:
– Attackers are abusing GitHub’s comment feature to attach malicious files to a repository without committing them to the primary codebase. The attachment links keep working even after the comment is deleted, creating a lasting security risk.

4. **Other Recent Threats**:
– Notably, the Redline Stealer malware was found hosted on Microsoft’s GitHub repository, highlighting a pattern of utilizing trusted repositories for malware.

5. **GitLab Vulnerability (CVE-2024-45409)**:
– A critical vulnerability in GitLab allows attackers to bypass authentication and gain unauthorized access as any user. It affects all versions prior to 16.11.10 and certain 17.x.x versions.
– This vulnerability, alongside recent incidents, shows an increase in threats towards these development platforms.

6. **Implications for Organizations**:
– The growing trend of attacks underscores the risk of exposing sensitive code and secrets stored in repositories, prompting the need for enhanced security measures in CI/CD pipelines and repository management.

7. **Future Threat Potential**:
– Attackers are likely to expand their targeting strategy beyond current sectors as they assess the efficacy of using legitimate repositories for malicious purposes.
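The comment-attachment delivery described in item 3 leaves a recognisable trace: the download link points at github.com but not at committed repository content. The triage helper below is an added example, not code from the original article; the attachment path shapes it matches, the sample email body and the org, repo and id values are assumptions and placeholders.

```python
import re
from urllib.parse import urlparse

# Path shapes used by GitHub comment attachments. These are assumptions based
# on commonly observed attachment URLs, not a documented GitHub guarantee:
#   /<owner>/<repo>/files/<id>/<filename>     (older form)
#   /user-attachments/files/<id>/<filename>   (newer form)
# Such files are never committed to the repository, and the link keeps
# working even after the comment that carried it is deleted.
ATTACHMENT_RE = re.compile(
    r"^/(?:[^/]+/[^/]+|user-attachments)/files/\d+/(?P<name>[^/?#]+)$")
# Archive and script types that merit triage when delivered this way.
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".js", ".vbs", ".lnk", ".iso")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def classify_github_url(url: str) -> dict:
    """Say how a URL delivers content: committed repo content or a
    comment attachment, and whether the attachment name looks risky."""
    p = urlparse(url)
    if p.netloc.lower() not in ("github.com", "www.github.com"):
        return {"url": url, "kind": "not-github", "risky": False}
    m = ATTACHMENT_RE.match(p.path)
    if m:
        name = m.group("name").lower()
        return {"url": url, "kind": "comment-attachment",
                "risky": name.endswith(RISKY_EXT)}
    # /<owner>/<repo>/{blob,raw,releases,...}: content with a commit history
    parts = p.path.strip("/").split("/")
    kind = "repo-content" if len(parts) >= 3 else "other"
    return {"url": url, "kind": kind, "risky": False}

def flag_attachment_links(text: str) -> list:
    """Extract URLs from an email body and return the risky attachment
    links. Attachment links are also used legitimately, so this is a
    triage signal for analysts, not a verdict."""
    urls = (u.rstrip(".,);") for u in URL_RE.findall(text))
    hits = (classify_github_url(u) for u in urls)
    return [h for h in hits if h["kind"] == "comment-attachment" and h["risky"]]

# Constructed sample email body; the org, repo and ids are placeholders.
SAMPLE_EMAIL = """Subject: Your 2024 tax refund statement
Download your statement: https://github.com/exampleorg/taxtool/files/1234567/Refund_Statement.zip
Project source: https://github.com/exampleorg/taxtool/blob/main/README.md
Form (PDF): https://github.com/user-attachments/files/7654321/Form_2024.pdf
"""
```

Running `flag_attachment_links(SAMPLE_EMAIL)` flags only the `.zip` attachment link; the committed README and the PDF attachment are classified but not flagged.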

### Action Items:
– Increase awareness and training on phishing, particularly where messages link to code repositories.
– Review and strengthen security protocols around GitHub and GitLab usage, particularly focusing on comment functionalities.
– Monitor for updates on vulnerabilities and apply necessary patches to safeguard against exploitation.