The Dangers of Malware on GitHub

GitHub, malicious code, malware, Open Source Malware, Ophtek, , , ,
05
Mar 2024

GitHub is a wildly popular website for developers to create, share, and store their code, but it’s also being increasingly used to spread malware.

Launched in 2008, GitHub quickly became the number one destination for developers. Packed full of features – such as hosting open source code, bug tracking tools, and software requests – GitHub is the perfect one-stop shop for developers looking to collaborate and enhance their software. However, where there’s code, there’s also potential for malware to rear its ugly head. And, in the last few years, GitHub has been exploited by numerous threat actors.

How does GitHub Work?

GitHub is an online repository where developers can come together to pool resources and knowledge to improve their software builds. It may not be something that most of your staff are likely to log on to, but your IT team are likely to use it to manage projects they’re working on. The objective of GitHub is to create a community of friendly developers, but the open membership policy means this doesn’t always go to plan.

Why is GitHub Dangerous?

Threat actors can easily sign up for membership within a matter of minutes, and then they can begin uploading their malicious code under the pretense of being an innocent software project. Quite often, threat actors will sign up with a username previously used by another developer, this is to trick other developers into thinking this is a reputable account. The GitHub community will believe that any repositories uploaded to this account are safe, and they will download them without thinking. And this is when malware can be unknowingly unleashed on unsuspecting networks.

Threat actors are also using GitHub to host command and control servers, which allow attackers to create communication channels into infected devices. Usually, this would be indicated by an unusual domain address in your network traffic. But with GitHub’s credentials being used, this would look less suspicious, especially if you team access GitHub. It’s also convenient, for the threat actors, to use a public service where launching a command control server is much easier than building an infrastructure from scratch.

Finally, GitHub is being used as a storage space for malware, as demonstrated in this fake proof-of-concept software attack. This particular attack allowed the threat actors to exploit a known vulnerability within the Linux operating system, which is commonly used by developers working on GitHub. These attacks can even catch out the security experts, so they underline just how dangerous GitHub can be if you’re not vigilant.

How Can You Work Safely with GitHub?

Threat actors are essentially turning certain parts of GitHub into a malicious website, so it’s crucial you know how to manage this threat. The most effective step you can take is to block access to GitHub on your organization’s network. Your staff are highly unlikely to need to access GitHub anyway, so this makes sense. However, some of your IT staff, and any developers you employ, may still require access to complete their job.

GitHub, of course, isn’t the only legitimate website to be harboring malware. Huge sites such as Dropbox and Google Drive are all capable of delivering malware to unsuspecting members. Therefore, you should only ever download from trusted sources.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Solid State Drives Targeted by Stubborn New Malware

Hackers, malicious code, Ophtek, solid state drive (SSD), Updates, , , ,
11
Jan 2022

A new strain of malware has been developed which allows threats to be delivered to an inaccessible area of a solid state drive (SSD).\

The attack in question is not currently active, but the possibility of this attack has been modeled and proved successful by a group of Korean security researchers. However, hackers are persistent and they have likely been investigating such an attack for some time – similar strategies have already been employed to hide malware on hard disk drives (HDD). And, thanks to the rapid rise of SSDs over the last decade, threats to their security are only going to become more common.Combatting threats that have stealth on their side is crucial for protecting your IT infrastructures, so you need to take this threat very seriously. Let’s take a look at why and how your SSDs are at risk.

How Does This New Attack Work?

The Korean researchers have found a specific vulnerability in the design of certain SSDs which makes hacking them that little bit easier. An SSD which employs flex capacity (a technique where storage devices adjust their space to enhance performance) is the main target of this latest threat. Such an SSD contains an area known as over-provisioning which is located in an inaccessible area of the SSD. This area takes up, depending on the current demand, between 7 – 25% of the SSD capacity. And this over-provisioning area is invisible to the PCs operating system.

Due to the invisible nature of this over-provisioning space, it cannot be reached by applications such anti-virus tools or user intervention. However, it’s possible to exploit the size of this ‘hidden’ area and enlarge it by manipulation through the SSD firmware manager. Not only does this allow a hacker to deposit malware here, but it gives them access to the over-provisioning space – where sensitive data may remain for several months. It’s this sophisticated attack method which makes it difficult to detect and even more difficult to remove.

What Should You Do If You Have an SSD?

It’s believed that the attack required to exploit the over-provisioning area is not currently active. But it remains a viable threat and it’s only a matter of time before a hacker formulates a successful strategy. The sophisticated nature of this exploit means that tackling such an attack is difficult for an average PC user to complete. Solving this vulnerability lies with the manufacturers of SSDs who need to rethink the design of their systems.

Ideally, real time monitoring of these hidden areas needs implementing, with a view to providing a ‘wipe’ option when the over-positioning capacity increases rapidly. Nonetheless, it remains good practice to install every update and patch which is released for your SSD. Software within the SSD software will regularly need updating and these could be used to strengthen the defense of your SSD. Therefore, prioritizing and automating updates remains important to protect your PCs.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What are Zero-Click Attacks?

malicious code, Ophtek, Pegasus spyware, Software Security Patches, zero-click attacks, , , ,
28
Dec 2021

One of the less mentioned security threats for PCs is the zero-click attack. Nonetheless, zero-click attacks are one of the most dangerous threats we face.

Traditional cyber security measures tend to focus on PC users following best practices to protect their PC. And, overall, it’s an effective approach. Understanding the importance, for example, of verifying a link in an email before clicking is crucial. But there’s only so much that individuals can do to protect themselves. If hackers can remove this ‘human’ factor from gaining access to a PC then they should, in theory, be home free. And, with a zero-click attack in their toolbox, hackers can quickly exploit even the most vigilant PC users.

How Does a Zero-Click Attack Work?

The most common technique employed in carrying out a zero-click attack is:

As you can see from the above description, at no point does the victim have any involvement. It’s this element of the strategy which makes it most troubling for PC users. The technique involved could, for example, involve a message being sent over Skype, a message which is not even opened by the recipient. Yet, the fact that it has been received on a PC means that it can unleash a malicious payload. Perhaps the most famous example of a zero-click attack is the Pegasus spyware hack which allowed hackers to gain access to users’ smartphones via a single WhatsApp message being received.

How Can You Combat Zero-Click Attacks?

It may seem difficult to protect yourself against the unprotectable and that’s why concern has been rapidly building around zero-click attacks. Thankfully, most zero-click attacks – such as Pegasus – have only targeted a tiny proportion of people, mostly government officials and high-ranking journalists. But this is far from a guarantee that you can’t fall victim to a zero-click attack.

As ever, key to protecting your PC and your devices is by installing security patches when they become available. Don’t put them off “until tomorrow” as it only takes a zero-click attack a few seconds to exploit a vulnerability. With your software and hardware running with optimal protection, it’s less likely to become another statistic of security failure. Encryption is also central to keeping your data safe should you find your device breached. Remember: all sensitive documents should be encrypted and backed up.

Final Thoughts

We’re used to malware and ransomware grabbing all the headlines, so that’s why many of us feel confident about battling these threats. But zero-click attacks are more enigmatic, a factor which works heavily in their favor. The discretion achieved by foregoing the need for user error positions zero-click attacks as a favorite of hackers. It may be a method of attack which doesn’t generate many column inches at present, but it’s likely to become more popular as hackers look at more innovative approaches. For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More