Git Ransomware Attack Prompts Secure Best Practices Recommendations
“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at email@example.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don’t receive your payment in the next 10 Days, we will make your code public or use them otherwise.”

As of Monday, May 6, there had been 36 abuse reports for the Bitcoin address, according to the Bitcoin Abuse Database blog, and the hacker threatened to delete code. In keeping with the cyber extortionists' collective strategy that less is more, the demand was 0.1 bitcoin, which at the time of the incident was about $590 but has risen to roughly $780.
Key Learnings

In the hijack's immediate wake, it wasn't clear how the hackers conducted the attacks, but the platforms' security teams now are "confident that we understand how the account compromises and subsequent ransom events were conducted," the blog said. The hacker appears to have scanned the web for Git config files and used stolen credentials to carry out the heist at Git hosting services. Some users suspect that it wasn’t a targeted attack but a random, bulk attack carried out by a script. Apparently, some of the victims used weak passwords for their GitHub, GitLab and Bitbucket accounts. They also didn’t remove access tokens for apps left unused for months. Both mistakes left accounts vulnerable to hacking.

“My password was a weak one that could've been relatively easily cracked via brute-force (it's not a common one but starts with "a" and has only a-z characters in it) and it could be that they just automatically checked if they can access the account and then ran some git commands,” wrote one user on the StackExchange forum. “It is also possible that my email address and that particular password are on a list of leaked accounts.”
Recommendations

Here's how users can protect their repositories from such attacks:
- Enable multi-factor authentication on your software development platform of choice -- Bitbucket, GitHub or GitLab.
- Use strong and unique passwords for every service to prevent credential reuse if a third-party experiences a breach and leaks credentials.
- Understand the risks associated with the use of personal access tokens, which, used via Git or the API, circumvent multi-factor authentication. Tokens may have read/write access to repositories depending on scope and should be treated like passwords. If you enter your token into the clone URL when cloning or adding a remote, Git writes it to your .git/config file in plain text, which may carry a security risk if the .git/config file is publicly exposed.
- When working with the API, use tokens as environment variables instead of hard coding them into your programs.
- Do not expose .git directories and .git/config files containing credentials or tokens in public repositories or on web servers.
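The attack described above started with Git config files found on the open web, and the recommendations warn that a token typed into a clone URL ends up in `.git/config` in plain text. The following checker, added here as an illustration and not code from the article or from any of the three Git hosting providers, parses a `.git/config` in Git's INI-like format, flags any HTTP(S) remote whose URL carries credentials in its userinfo, prints a redacted form of that URL, and shows the environment-variable pattern the last recommendation asks for. The sample config, the remote names, the organisation path and the token string are constructed for the example.

```python
"""Flag credentials embedded in .git/config remote URLs and read API tokens from the environment."""
import os
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample in the shape Git writes: one remote whose URL carries a token
# as userinfo (the pattern the recommendations warn about) and one clean remote.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://x-access-token:ghp_EXAMPLEtoken1234@github.com/example-org/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = https://gitlab.com/example-org/app.git
\tfetch = +refs/heads/*:refs/remotes/mirror/*
"""

SECTION_RE = re.compile(r'^\s*\[(?P<kind>\w+)(?:\s+"(?P<name>[^"]*)")?\]\s*$')
KEY_RE = re.compile(r'^\s*(?P<key>[\w.-]+)\s*=\s*(?P<value>.*?)\s*$')


def parse_git_config(text):
    """Minimal parser for Git's config syntax: {(section, subsection): {key: value}}."""
    sections = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(('#', ';')):
            continue  # blank lines and comments
        m = SECTION_RE.match(line)
        if m:
            current = (m.group('kind'), m.group('name'))
            sections.setdefault(current, {})
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            sections[current][m.group('key')] = m.group('value')
    return sections


def redact_url(parts):
    """Rebuild the URL with the secret part of the userinfo replaced by ***."""
    host = parts.hostname or ''
    if parts.port:
        host += f':{parts.port}'
    netloc = f'{parts.username}:***@{host}' if parts.password is not None else f'***@{host}'
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def find_embedded_credentials(text):
    """Return one finding per remote URL/pushurl that carries userinfo over HTTP(S).

    A token may sit in either the password or the username position, so any
    userinfo is reported; ssh:// and scp-style remotes carry no secret in the URL.
    """
    findings = []
    for (kind, name), keys in parse_git_config(text).items():
        if kind != 'remote':
            continue
        for key in ('url', 'pushurl'):
            url = keys.get(key)
            if not url:
                continue
            parts = urlsplit(url)
            if parts.scheme not in ('http', 'https'):
                continue
            if parts.username is None and parts.password is None:
                continue
            findings.append({
                'remote': name,
                'key': key,
                'has_password': parts.password is not None,
                'redacted_url': redact_url(parts),
            })
    return findings


def token_from_environment(var_name='GITHUB_TOKEN', environ=None):
    """Read an API token from the environment; fail loudly rather than fall back to a literal."""
    environ = os.environ if environ is None else environ
    token = environ.get(var_name)
    if not token:
        raise RuntimeError(f'{var_name} is not set; export it instead of hard-coding a token')
    return token


if __name__ == '__main__':
    # Run against the constructed sample; pass a real .git/config path to check a repository.
    for finding in find_embedded_credentials(SAMPLE_GIT_CONFIG):
        print(f"remote {finding['remote']!r} ({finding['key']}): credentials embedded in "
              f"{finding['redacted_url']}")
```

Running the checker over the sample reports only the `origin` remote; the fix is to remove the userinfo from the URL and let a credential helper or environment-supplied token authenticate instead, which also keeps the secret out of any copy of the `.git` directory that is later published or served.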
Atlassian Bitbucket, GitHub and GitLab have shared a joint blog post to promote secure best practices in the wake of the Git ransomware incident.