
DevSecOps Teams Face Regular Outages, Cyberattacks, and Data Breaches
The past year has seen a sharp rise in cyber attacks targeting popular DevOps platforms like GitHub, Bitbucket, GitLab, and Jira. These platforms, which are crucial for developers and IT operations teams, have faced growing threats that disrupt their services and put users at risk. The importance of securing the software development process at every stage cannot be emphasised enough. 

What is DevSecOps?

In response to the increasing complexity of cyber threats, many organisations are adopting a practice known as DevSecOps. This approach involves integrating security measures directly into the development process, rather than treating them as an afterthought. By doing so, security becomes a fundamental part of the software development lifecycle, ensuring that potential vulnerabilities are addressed early on. However, this shift also comes with challenges, as teams must be agile and proactive in adapting to new threats.

Cyber Incidents in 2023

In 2023, there was a noticeable increase in incidents that negatively affected the operation of DevOps services. GitHub, the largest of these platforms, experienced 13.94% of the reported incidents, while Bitbucket accounted for 8.33%, GitLab for 7.89%, and Jira for 4%. Most of these issues involved problems with key components that led to degraded performance and service disruptions.

One of the most alarming threats to GitHub in 2023 was the rise of a hacking method called "RepoJacking." This type of attack exposed millions of repositories to potential risks. Research indicated that as many as 9 million repositories on GitHub could be vulnerable to this kind of attack. Moreover, it was discovered that over 4,000 software packages were at risk, along with more than 15,000 Go module repositories.

Hackers also used GitHub as a platform to host malicious software. By taking advantage of GitHub's public services, attackers could create a cost-effective and reliable infrastructure for their activities, making it difficult for users to detect and respond to these threats. This method allowed hackers to retrieve malicious commands through seemingly legitimate interactions on GitHub, posing a significant risk to users' data.

Challenges Faced by Bitbucket, Jira, and GitLab

While Bitbucket saw a slight decrease in incidents in 2023, the difference was minimal, with only a 2.04% reduction compared to the previous year. Unfortunately, Jira experienced a 50% increase in incidents, with 75 recorded events, meaning users encountered an incident roughly every five days. Many of these issues were severe, involving vulnerabilities that could have serious consequences for users.

GitLab also faced challenges, with 32% of reported incidents impacting the platform's performance. This hindered users' ability to fully utilise the service. June and August were particularly problematic months for GitLab, with several events that disrupted services. In one instance, a sophisticated attack exploited a critical vulnerability (CVE-2021-22205), which could have led to ransomware attacks and data theft. GitLab's response highlighted the need for organisations to be prepared with robust security and disaster recovery plans.

The Importance of DevOps Security

One of the biggest challenges in DevOps security is ensuring that development and security teams work together effectively. Developers often focus on quickly pushing new software updates, while security teams prioritise finding and fixing vulnerabilities. Without a well-integrated security approach throughout the development process, organisations are at greater risk of cyberattacks, data breaches, and operational disruptions.

The increasing number of incidents affecting platforms like GitHub, GitLab, Bitbucket, and Jira serves as a wake-up call for organisations to strengthen their security practices. By embedding security into every stage of the development process and fostering collaboration among all teams, organisations can better protect their systems and data from cyber threats.

It’s crucial for organisations to prioritise security at every stage of software development. The challenges faced by major DevOps platforms in 2023 highlight the need for vigilance, collaboration, and proactive security measures to safeguard our digital infrastructure. By adopting a DevSecOps approach and integrating security from the start, organisations can better brace themselves.

AI's Dark Side: Splunk Report Forecasts Troubled Trends in Privacy and Security

There is no doubt that AI is going to be very beneficial to security professionals, but cybercriminals will be looking for ways to harness the power of AI to their advantage as well. As bad actors push artificial intelligence to new extremes, Splunk's Security Predictions 2024 report predicts that it will certainly expand organisations' attack surfaces.

As artificial intelligence advances, malicious actors will have a better chance of enhancing their portfolios and strategies. New threats are anticipated in 2024, including a new wave of attack methods spawned not only by artificial intelligence but also by the robust adoption of 5G in India.

As a result, cybercriminals will have more opportunities to exploit organisations, since the attack surface is already wide, according to Robert Pizzari, Group Vice President, Strategic Advisor, Asia Pacific, Splunk. The key trends in security and observability that Splunk has identified for 2024 are summarised below.

It is anticipated that, by 2024, CISOs will also have more at stake due to the increasing stringency, complexity, and difficulty of navigating the regulatory environment. According to the State of Security 2023, 79% of line-of-business stakeholders see the security team as either a trusted resource for information or as one of the most critical enablers of the organisation's mission.

A recent Splunk report found that 86% of security leaders believe that generative AI will help alleviate skill gaps and talent shortages. AI will take on security tasks, acting more as a virtual assistant than a replacement for analysts, as it takes care of the repetitive, mundane, and labour-intensive tasks that do not need a human to perform them.

While the majority of people are excited about AI, they are also nervous. CIOs and CTOs will feel the pressure to get more from less in this year's budget, making it the year of mindful budgets and massive disruption. With artificial intelligence, users can better understand what's going on in an environment by detecting and identifying anomalies.

However, it would not replace manual troubleshooting. Many companies are going to use artificial intelligence to detect anomalies first, then move on to investigation and respond automatically. 

Automated remediation is something people can expect to see shortly. It has also become apparent that observability can be a meaningful signal for security operations. At the same time, a significant number of vendors sell security products that are separate from one another.

The lack of interoperability of their products is often a cause of frustration for their customers. There's no question that a DevSecOps mindset will lead the organisation - whether it's big or small - towards digital resilience, no matter if the servers are in the cloud or in the back corner of your garage.

Challenges With Software Supply Chain & CNAPP

In 2021, sales of CNAPP exceeded $1.7 billion, an increase of roughly 49% over 2020, according to a recent Frost & Sullivan analysis. According to Frost & Sullivan, CNAPP revenue growth will average over 26% annually between 2021 and 2026.

Anh Tien Vu, industry principal for international cybersecurity and the author of the report, projects that by 2026, revenues will surpass $5.4 billion "due to the increasing demand for a unified cloud security platform that strengthens cloud infrastructure security and protects applications and data throughout their life cycle."

How Do CNAPPs Function?

CNAPP platforms combine many security technologies and features to cut down on complexity and expense, offering:
  • The capabilities of CSPM, CIEM, and CWPP tools combined across the development life cycle, with correlation of vulnerabilities, context, and the linkages between them.
  • Identification of high-risk situations with detailed context.
  • Automatic and guided remediation to address flaws and configuration errors.
  • Guardrails that stop unauthorized alterations to the architecture.
  • Simple integration with SecOps ecosystems to deliver notifications quickly.
Security teams must transition from guarding infrastructure to guarding workload-running applications in order to maximize cloud security and compliance, enable DevOps, and reduce friction. That entails, at the very least, protecting the security of the production environment and cloud service configurations, with runtime protection serving as an important extra layer of security.

Attackers are focusing more and more on cloud-native targets in an effort to find vulnerabilities that may be used to compromise the software supply chain. The widespread effect that a vulnerability of this kind can have on the application environment was demonstrated by the Log4Shell flaw in the widely used Log4j Java runtime library last year.

Melinda Marks, a senior analyst at Enterprise Strategy Group, says that CNAPP helps businesses set up DevSecOps processes in which software engineers take the initiative to find potential bugs in code before delivering application runtimes into production, but that it also goes beyond this. Catching these issues before applications are released to the cloud is crucial, since once they are deployed, attackers can reach them.

The scanning of development artifacts like containers and infrastructure as code (IaC), cloud infrastructure entitlement management (CIEM), runtime cloud workload protection platforms (CWPP), and cloud security posture management (CSPM) are just a few of the siloed capabilities that CNAPPs combine. Together with a more uniform approach and improved awareness of the risk associated with cloud-native computing environments, CNAPP offers standard controls to reduce vulnerabilities.

Significantly, CNAPP also promotes communication between teams working on application development, cybersecurity, and IT infrastructure, opening the door to finding and fixing flaws before apps are put into use. Security vendors such as Check Point and Palo Alto Networks are adding CNAPP features to their security platforms. Marks cautions against the common misunderstanding that shifting security left is only about putting security first during the software development and build process.

Newly Discovered Flaw in GitHub Actions Allows Code to Bypass Review Mechanism

A newly uncovered security vulnerability in GitHub Actions allows software code to bypass the required reviews mechanism to a secured branch, allowing it into the pipeline to production. 

Omer Gil and his team of researchers at security startup Cider Security discovered the flaw in GitHub Actions during research into novel attack vectors in the DevSecOps arena. The flaw evades security protections and exists even in the installations of companies that have not enabled the recently introduced feature.

"An attacker compromising a GitHub user account, or simply a developer that wants to bypass this restriction, can simply push code to a protected branch. Since code in protected branches is usually used in production systems by many users or by other systems, the impact is high," Gil explained.

Vulnerability in GitHub Actions 

GitHub Actions is GitHub's continuous integration/continuous delivery offering, which offers a mechanism to automate, customize and implement software development workflows right in the repository from development to production systems, Cider Security explained in a blog post on Medium. 

Furthermore, GitHub Actions is enabled by default for any GitHub organization and all of its repositories, and any user with the privilege to push code to a repository can define a workflow that runs when code is pushed.

“Anyone with write access to a repository can modify the permissions granted to the GITHUB_TOKEN, adding or removing access as required, by editing the permissions key in the workflow file,” Cider Security explained.

“As the PR is created, it cannot be merged since approval is required. However, the workflow immediately runs and the PR is approved by the GitHub-actions bot, which the GITHUB_TOKEN belongs to. It’s not an organization member, but counts as PR approval, and effectively allows the attacker to approve their own PR, basically bypassing the branch protection rules,” Cider Security further said.

"The issue is not fixed. GitHub said they'll work on fixing it. I believe adversaries can definitely take advantage of this issue in their attempts to reach production systems and expand their hold in their victims' assets," Gil noted. 

To mitigate the risks, Cider Security has advised organizations to consider disabling GitHub Actions across their whole enterprise or for particular (more sensitive) repositories. Additionally, the issue can be solved by requiring the approval of Code Owners, or by requiring two or more approvals to merge a pull request.
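Two checks a defender can run against this weakness, as an added example that is not Cider Security's or GitHub's own code: the first flags workflow files that combine the ingredients described above (a pull_request trigger, a widened GITHUB_TOKEN with pull-requests: write, and a step that submits an approval), the second evaluates a branch-protection settings object and reports whether the Code Owners or two-approval mitigation is in place. The workflow text and the protection object are constructed samples; the `required_pull_request_reviews` field names follow GitHub's REST branch-protection shape, but their values here are made up.

```python
import json
import re

# Constructed sample workflow (not from the page): triggers on pull_request,
# widens GITHUB_TOKEN to pull-requests: write and approves the PR as the bot.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  pull-requests: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: gh pr review --approve "$PR_NUMBER"
"""

# Constructed branch-protection object: one approval required, no Code Owners,
# i.e. a single github-actions[bot] approval would satisfy the rule.
SAMPLE_PROTECTION = json.dumps({
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "require_code_owner_reviews": False,
    }
})


def workflow_findings(text):
    """Return the reasons a workflow could approve a PR with its own GITHUB_TOKEN."""
    findings = []
    if re.search(r"^on:.*pull_request", text, re.M) or \
            re.search(r"^\s+pull_request(_target)?:", text, re.M):
        findings.append("triggers on pull_request")
    if re.search(r"pull-requests:\s*write", text):
        findings.append("GITHUB_TOKEN granted pull-requests: write")
    if re.search(r"pr review --approve|event:\s*['\"]?APPROVE|createReview", text):
        findings.append("step submits a PR approval")
    return findings


def protection_mitigates(protection_json):
    """True when a lone bot approval cannot satisfy the branch's review rule."""
    reviews = json.loads(protection_json).get("required_pull_request_reviews") or {}
    return bool(reviews.get("require_code_owner_reviews")) or \
        reviews.get("required_approving_review_count", 0) >= 2
```

Run `workflow_findings` over each file under `.github/workflows/` and `protection_mitigates` over the protection settings of every protected branch; a workflow with all three findings on a branch where the second check returns False is the situation the post describes.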