
GitHub Faces Rise in Malicious Use

 


GitHub, a widely used platform in the tech world, is facing a rising threat from cybercriminals. They are exploiting GitHub's popularity to host and spread harmful content, turning it into a hub for malicious activities such as data theft and the control of compromised systems. This poses a challenge for cybersecurity, because the bad actors use GitHub's legitimacy to slip past traditional defences.

Known as 'living-off-trusted-sites', this technique lets cybercriminals blend in with normal online traffic, making them harder to detect. Essentially, they camouflage their malicious activity within the usual flow of internet data. GitHub's role in delivering harmful code adds an extra layer of complexity. For instance, there have been cases of rogue Python packages (software components pulled into other programs) using covert GitHub channels to receive malicious commands on compromised systems.

This situation highlights the need for increased awareness and updated cybersecurity strategies to tackle these growing threats. It's a reminder that even widely used platforms can become targets for cybercrime, and staying informed is crucial to staying secure. 

While it is not very common for bad actors to run full command-and-control of systems through GitHub, they often use it to share secret information with their malware. This is called a "dead drop resolver": the malware fetches a GitHub-hosted file to learn where its real control server is, much like leaving a message in a hidden spot for someone else to pick up. Malware families such as Drokbk and ShellBox frequently use this technique.

They also sometimes use GitHub to sneak information out of a system (data exfiltration). This does not happen often, and experts think that is because there are limits on how much data can be uploaded and because the attackers want to avoid getting caught.
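The two behaviours just described, a dead-drop resolver and low-volume exfiltration, leave a footprint in ordinary web-proxy logs: a non-browser process polling the same raw GitHub URL on a fixed schedule, or a single client pushing an unusual volume of bytes to GitHub's API. The script below is an added example, not code from the post or from GitHub; it runs two such heuristics over constructed log lines. The log format, the account name `example-acct`, the client addresses and the thresholds (three regular fetches, 5 MiB uploaded) are all assumptions chosen for the illustration.

```python
"""Heuristics for spotting GitHub used as a dead-drop resolver or as an
exfiltration channel, run over constructed proxy log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines (assumed format):
#   <ISO timestamp> <client ip> <method> <url> <bytes sent by client> "<user agent>"
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.5 GET https://raw.githubusercontent.com/example-acct/notes/main/cfg.txt 0 "python-requests/2.31"
2024-01-10T09:05:01 10.0.0.5 GET https://raw.githubusercontent.com/example-acct/notes/main/cfg.txt 0 "python-requests/2.31"
2024-01-10T09:10:02 10.0.0.5 GET https://raw.githubusercontent.com/example-acct/notes/main/cfg.txt 0 "python-requests/2.31"
2024-01-10T09:15:01 10.0.0.5 GET https://raw.githubusercontent.com/example-acct/notes/main/cfg.txt 0 "python-requests/2.31"
2024-01-10T09:12:00 10.0.0.7 GET https://github.com/torvalds/linux 0 "Mozilla/5.0 (Windows NT 10.0) Chrome/120"
2024-01-10T10:30:00 10.0.0.9 POST https://api.github.com/repos/example-acct/backup/contents/a.bin 7340032 "curl/8.4"
2024-01-10T10:31:00 10.0.0.9 POST https://api.github.com/repos/example-acct/backup/contents/b.bin 6291456 "curl/8.4"
2024-01-10T11:00:00 10.0.0.11 POST https://api.github.com/repos/devteam/app/contents/README.md 2048 "git/2.43"
"""

GITHUB_HOSTS = ("github.com", "api.github.com", "raw.githubusercontent.com",
                "gist.githubusercontent.com", "gist.github.com")
RAW_HOSTS = ("raw.githubusercontent.com", "gist.githubusercontent.com")
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')


def parse(log_text):
    """Parse the constructed log format into a list of dicts; skip unparseable lines."""
    rows = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, method, url, nbytes, ua = m.groups()
        rows.append({"ts": datetime.fromisoformat(ts), "client": client,
                     "method": method, "url": url, "host": url.split("/")[2],
                     "bytes": int(nbytes), "ua": ua})
    return rows


def is_browser(ua):
    # Crude but serviceable: real browsers send a Mozilla/ prefix, scripts usually do not.
    return ua.startswith("Mozilla/")


def find_dead_drop_polling(rows, min_fetches=3, jitter_seconds=60):
    """Flag (client, raw URL) pairs fetched repeatedly by a non-browser on a regular period."""
    fetch_times = defaultdict(list)
    for r in rows:
        if r["host"] in RAW_HOSTS and r["method"] == "GET" and not is_browser(r["ua"]):
            fetch_times[(r["client"], r["url"])].append(r["ts"])
    hits = []
    for (client, url), times in fetch_times.items():
        if len(times) < min_fetches:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A sleep-loop beacon produces nearly equal gaps; human browsing does not.
        if max(gaps) - min(gaps) <= jitter_seconds:
            hits.append({"client": client, "url": url, "fetches": len(times),
                         "period_s": round(sum(gaps) / len(gaps))})
    return hits


def find_bulk_uploads(rows, threshold_bytes=5 * 1024 * 1024):
    """Flag clients whose total POST/PUT bytes to GitHub hosts exceed the threshold."""
    totals = defaultdict(int)
    for r in rows:
        if r["host"] in GITHUB_HOSTS and r["method"] in ("POST", "PUT"):
            totals[r["client"]] += r["bytes"]
    return [{"client": c, "bytes": b} for c, b in totals.items() if b >= threshold_bytes]


if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    for hit in find_dead_drop_polling(rows):
        print("possible dead-drop polling:", hit)
    for hit in find_bulk_uploads(rows):
        print("bulk upload to GitHub:", hit)
```

Both heuristics are deliberately coarse. The polling check will miss beacons that add random jitter, and the upload check will miss exfiltration spread thinly over days, which is exactly why the post notes that attackers keep volumes low; in practice the thresholds are tuned against a baseline of the organisation's own developer traffic so that routine `git push` activity (the 2 KiB README commit above) stays below the line.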

Apart from these tricks, bad actors find other ways to misuse GitHub. For example, they might use GitHub Pages to host phishing sites that trick people into giving away sensitive information. Sometimes they even use GitHub as a backup communication channel for their operations when the primary one is taken down.

Understanding these tactics is important because it shows how people with bad intentions can use everyday platforms like GitHub for sneaky activities. By knowing about these things, we can be more careful and put in measures to protect ourselves from online threats. 

This trend of misusing popular online services extends beyond GitHub to other familiar platforms like Google Drive, Microsoft OneDrive, Dropbox, Notion, Firebase, Trello, and Discord. It's not just limited to GitHub; even source code and version control platforms like GitLab, BitBucket, and Codeberg face exploitation. 

GitHub acknowledges that there is no one-size-fits-all solution for detecting abuse on its platform. It suggests combining several strategies, chosen according to factors such as the logs an organisation has available, how the organisation is structured, its normal patterns of service usage, and its appetite for risk. It is also crucial to recognise that this problem is not unique to GitHub. Threat actors use many everyday services to carry out their activities, so users and organisations need to stay aware and adopt a mix of strategies to detect and prevent abuse. That includes being mindful of how each platform may be misused and tailoring detection methods accordingly.


How Content Abuse is giving rise to online Frauds, explains SIFT


A report from Sift on 'Content Abuse and the Fraud Economy' explores the rising tide of online fraud and content abuse in 2020, detailing how content abuse tricks users into falling for fraud by giving it an air of legitimacy.


The report also exposes a fraud ring in Russia that tested credit cards and wallets on e-commerce websites and posted false content.

Content Abuse 

The data used in the report came from 34,000 sites, together with a Sift survey of over 1,000 users on content abuse.

Understanding the "Fraud Supply Chain: A Network of Content Abuse, Account Takeover (ATO) and Payment Fraud"

Just as a market runs on a chain of supply and demand, these fraud rings run on a network of their own, in which content abuse acts as the bridge between account takeover and payment fraud.

Account takeover exposes financial credentials: stolen credit and debit cards or wallets that can then be used for payment fraud. Content abuse sits between the two, convincing users to share details or send money through fake messages, reviews, phishing, or romance scams. Payment fraud is the end goal of both: buying and selling with the cards and information collected through account takeover and content abuse.

According to the report, fake content is plentiful on the Internet and the numbers are shocking. Consumers find 70% of content on social media fake, 40% on classified sites, 21% on travel sites, and 15% on job boards.

 The Bargaining Bear

In June, Sift's data science team also discovered a fraud ring on an e-commerce marketplace that exploited account takeover and content abuse to check whether stolen debit cards and wallets still worked and how much they were worth.

"To test dozens of stolen cards, they 'sold' the items to each other, after 'haggling' those prices down to $1.00 USD, a typical price used to test hijacked payment details. Each listing was uncharacteristic for this marketplace, purchased on the same day, and included several fake reviews to strengthen the appearance of authenticity," stated the report.

The team, working from Russia, created various seller profiles (all from the same IP address), listed goods at low prices and bought them from themselves, leaving behind fake listings and reviews that gave the sellers a legitimate-looking reputation and made card testing easy.
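The pattern the report describes is unusually clean from a fraud-analyst's side: prices haggled down to the $1.00 test amount, buyer and seller on the same IP, everything bought on one day, and a burst of reviews on each listing. The script below is an added example, not Sift's code or data; it scores constructed marketplace orders on those four signals and then groups flagged sellers by shared IP to surface the ring. The `Order` fields, the sample accounts and IPs (RFC 5737 documentation ranges), and the thresholds are assumptions for the illustration.

```python
"""Card-testing ring detection over constructed marketplace orders (added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass

TEST_PRICE = 1.00  # the $1.00 amount the report gives as typical for testing stolen cards


@dataclass
class Order:
    order_id: str
    seller: str
    buyer: str
    seller_ip: str
    buyer_ip: str
    list_price: float
    paid_price: float
    day: str
    reviews_24h: int  # reviews left on the listing within a day of the sale


# Constructed sample: two colluding sellers on one IP, and one ordinary seller.
ORDERS = [
    Order("o1", "shop_a", "buyer_1", "203.0.113.7", "203.0.113.7", 49.0, 1.0, "2020-06-14", 4),
    Order("o2", "shop_a", "buyer_2", "203.0.113.7", "203.0.113.7", 79.0, 1.0, "2020-06-14", 3),
    Order("o3", "shop_a", "buyer_3", "203.0.113.7", "203.0.113.7", 120.0, 1.0, "2020-06-14", 5),
    Order("o4", "shop_a", "buyer_1", "203.0.113.7", "203.0.113.7", 60.0, 1.0, "2020-06-14", 3),
    Order("o5", "shop_b", "buyer_2", "203.0.113.7", "203.0.113.7", 35.0, 1.0, "2020-06-14", 3),
    Order("o6", "shop_b", "buyer_3", "203.0.113.7", "203.0.113.7", 90.0, 1.0, "2020-06-14", 4),
    Order("o7", "shop_b", "buyer_1", "203.0.113.7", "203.0.113.7", 55.0, 1.0, "2020-06-14", 3),
    Order("o8", "craft_co", "alice", "198.51.100.2", "192.0.2.10", 25.0, 25.0, "2020-06-02", 1),
    Order("o9", "craft_co", "bob", "198.51.100.2", "192.0.2.44", 40.0, 38.0, "2020-06-09", 0),
    Order("o10", "craft_co", "carol", "198.51.100.2", "192.0.2.81", 25.0, 1.0, "2020-06-14", 0),  # genuine clearance
    Order("o11", "craft_co", "dave", "198.51.100.2", "192.0.2.99", 30.0, 30.0, "2020-06-20", 1),
]


def seller_signals(orders):
    """Per-seller share of orders showing each of the four card-testing signals."""
    by_seller = defaultdict(list)
    for o in orders:
        by_seller[o.seller].append(o)
    signals = {}
    for seller, sold in by_seller.items():
        n = len(sold)
        signals[seller] = {
            "orders": n,
            # Listed well above the test price, then "haggled" down to it.
            "haggled_to_test_price": sum(
                1 for o in sold if o.paid_price <= TEST_PRICE and o.list_price >= 5 * TEST_PRICE) / n,
            "buyer_shares_seller_ip": sum(1 for o in sold if o.buyer_ip == o.seller_ip) / n,
            "same_day_share": max(Counter(o.day for o in sold).values()) / n,
            "review_burst": sum(1 for o in sold if o.reviews_24h >= 3) / n,
        }
    return signals


THRESHOLDS = (("haggled_to_test_price", 0.8), ("buyer_shares_seller_ip", 0.5),
              ("same_day_share", 0.8), ("review_burst", 0.5))


def flag_card_testing(orders, min_orders=3, min_hits=3):
    """Return {seller: [signals that fired]} for sellers tripping at least min_hits signals."""
    flagged = {}
    for seller, s in seller_signals(orders).items():
        if s["orders"] < min_orders:
            continue  # too little history to judge
        hits = [name for name, threshold in THRESHOLDS if s[name] >= threshold]
        if len(hits) >= min_hits:
            flagged[seller] = hits
    return flagged


def group_by_seller_ip(orders, flagged):
    """Cluster flagged sellers that operate from the same IP: the ring itself."""
    ring = defaultdict(set)
    for o in orders:
        if o.seller in flagged:
            ring[o.seller_ip].add(o.seller)
    return {ip: sorted(sellers) for ip, sellers in ring.items() if len(sellers) > 1}


if __name__ == "__main__":
    flagged = flag_card_testing(ORDERS)
    for seller, hits in flagged.items():
        print(f"{seller}: {', '.join(hits)}")
    print("rings:", group_by_seller_ip(ORDERS, flagged))
```

Requiring three of four signals is what keeps `craft_co` clean: a single $1.00 clearance sale trips one signal, but not the shared IP, the one-day burst or the review flood. The same combination logic is why the report stresses that content abuse, account takeover and payment fraud must be looked at together rather than in isolation.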