GitHub’s popularity has made it too large to be blocked. While this is a boon for dissidents evading government censorship, it is a problem for internet security.
According to GitHub, it is used by over 100 million developers around the world. Its popularity and practicality have given the site “relatively high immunity” to China’s censorship efforts, the Electronic Frontier Foundation said. But GitHub’s reach also makes its various services attractive to those looking to distribute malware to as many users as possible.
In a report published Thursday, security shop Recorded Future warned that GitHub’s infrastructure is frequently exploited by criminals to support and distribute malware. And such abuse is expected to become even more prevalent due to the benefits of the “living off trusted sites” strategy for those behind the malware.
According to the report, GitHub offers several advantages for malware authors. For example, GitHub domains are rarely blocked by corporate networks, making them reliable hosting sites for malware.
The cloud code host may also be familiar to those who create harmful software from their previous legitimate use of it. Additionally, GitHub is available without typical web hosting fees or domain registration fees, is reliable, and doesn’t have much vetting when creating a new account.
However, there are also disadvantages. The lack of a PHP backend service limits PHP-based phishing kits. GitHub also has a well-known security team that is considered fairly skilled. The site also imposes file size and bandwidth limits, which can limit attack resources.
According to Recorded Future’s Insikt Group, criminals often use GitHub for payload delivery, dead drop resolution, data exfiltration, and command and control operations.
“Using GitHub services for malicious infrastructure allows attackers to blend in with legitimate network traffic, often bypassing traditional security defenses and making it more difficult to track upstream infrastructure and identify the attacker,” the report states.
Security groups have cited numerous examples of GitHub being used to stage or distribute malicious files, such as Qualys’s January 2023 report on the Excel spreadsheet used as a decoy to spread BitRAT; Morphisec Labs’ June 2023 account of a phishing campaign that relies on a PowerShell script to retrieve GuLoader shellcode from a GitHub Pages site; and an August 2023 incident, discovered by security researcher 0xToxin, that used a PowerShell script found on raw[.]githubusercontent[.]com.
The Recorded Future report further discusses the utility of code hosting sites for dead drop resolution (hosting information related to command and control infrastructure) and running command and control servers.
Because reliance on this “living off trusted sites” strategy is likely to increase, the report recommends that organizations flag or block GitHub services that are not commonly used and can be exploited. It also suggests that companies should take a closer look at their usage of GitHub services to develop specific defense strategies.
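One way to act on that recommendation, shown as an added example that comes from neither the article nor the Recorded Future report: a triage pass over web proxy logs that flags requests to GitHub services outside an organization’s baseline, and scripted clients such as PowerShell fetching from any GitHub service. The log format, the sample lines, the baseline and the partial host-to-service map are assumptions made up for illustration.

```python
# Added example: the log layout, sample lines and baseline are constructed assumptions.

# Partial map of host suffix -> GitHub service, most specific first (not exhaustive).
SERVICES = [
    ("raw.githubusercontent.com", "raw-content"),
    ("gist.githubusercontent.com", "gist"),
    ("gist.github.com", "gist"),
    ("api.github.com", "api"),
    ("github.io", "pages"),
    ("github.com", "web-git"),
]
# Hypothetical baseline: the GitHub services this organization actually uses.
BASELINE = {"web-git", "api"}
# User-agent fragments of scripted clients worth a second look (assumption).
SCRIPTED_AGENTS = ("powershell", "curl", "wget")

def classify(host):
    """Return the GitHub service for a host, or None for non-GitHub hosts."""
    host = host.lower().rstrip(".")
    for suffix, service in SERVICES:
        # Match on a label boundary so look-alikes such as notgithub.com are ignored.
        if host == suffix or host.endswith("." + suffix):
            return service
    return None

def triage(lines, baseline=BASELINE):
    """Return (source, service, reasons) for each request worth reviewing."""
    findings = []
    for line in lines:
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # malformed line
        _ts, src, _method, host, _path, agent = parts
        service = classify(host)
        if service is None:
            continue
        reasons = []
        if service not in baseline:
            reasons.append("service-outside-baseline")
        if any(a in agent.lower() for a in SCRIPTED_AGENTS):
            reasons.append("scripted-client")
        if reasons:
            findings.append((src, service, reasons))
    return findings

# Constructed sample: timestamp, source, method, host, path, user agent.
SAMPLE_LOG = """\
2024-01-11T09:00:01Z ws-101 GET github.com /org/repo.git git/2.43.0
2024-01-11T09:02:11Z ws-114 GET raw.githubusercontent.com /u/r/main/a.ps1 Mozilla/5.0 WindowsPowerShell/5.1
2024-01-11T09:03:40Z ws-114 GET example-user.github.io /index.html Mozilla/5.0 Firefox/121.0
2024-01-11T09:04:02Z ws-120 GET notgithub.com /login Mozilla/5.0 Firefox/121.0
2024-01-11T09:05:09Z build-7 GET api.github.com /repos/org/repo curl/8.4.0
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The baseline is the part each organization has to derive from its own traffic before the output is useful for flagging or blocking decisions.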
“This challenge impacts services across the industry,” a GitHub spokesperson told The Register.
“With over 100 million developers helping build the platform across over 420 million repositories, we have a team dedicated to detecting, analyzing, and removing content that violates our Acceptable Use Policy. We employ reviews and detection at scale using machine learning to continue to evolve and adapt. We also encourage you to report abuse and spam.”