Is GitHub a New Wild, Wild West for Cybercriminals?

4 JULY 2019

By: Orhan Yildirim

For millions of software and systems developers around the world, GitHub is THE hub for accessing, sharing and otherwise collaborating with other developers to build new digital products and services.

GitHub is an American company that provides hosting for software development version control using Git. It is a subsidiary of Microsoft, which acquired the company in 2018 for $7.5 billion.

It offers all of the distributed version control and source code management (SCM) functionality of Git, adds its own features, and provides access control and several collaboration features, including bug tracking, feature requests, task management, and wikis, for every project.

Free GitHub accounts are commonly used to host open-source projects, and as of May 2019, GitHub reports having over 37 million users and more than 100 million repositories, including at least 28 million public repositories, making it the largest host of source code in the world.

On February 28, 2018, GitHub was the target of the largest distributed denial-of-service (DDoS) attack in history.

Earlier this year, researchers at North Carolina State University discovered many thousands of leaked secrets and credentials.

Researchers Michael Meli, Matthew McNiece and Bradley Reaves scanned billions of GitHub files as part of an academic study that found that over 100,000 of the service’s code repositories contain exposed authentication secrets, such as cryptographic keys and API tokens, and that thousands more repositories leak new, unique secrets every day.

Researchers scanned nearly 13% of GitHub’s public repositories to collect this information.

In their scan, the researchers found 85,311 unique Google API keys, 37,781 unique RSA Private Keys and 47,814 unique Google OAuth IDs. The researchers also estimated that of the secrets enabled access to sensitive systems or data and their exposure caused real risk.

While the researchers didn’t release the names of specific organizations impacted, they did say that large, prominent enterprises were at risk. This included AWS credentials for a site used by millions of college applicants in the U.S. and AWS secrets for a major government agency in a Western European country.
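To make the leak types named above concrete from the defender's side, here is an added example (not code from the article, from the NCSU study, or from Ironsphere) of a small scanner of the kind a team would run in a pre-commit hook or CI job. It matches the well-known formats of Google API keys, Google OAuth client IDs, RSA private key headers and AWS access key IDs, drops low-entropy placeholders such as documentation samples, and reports only a redacted prefix so the report itself does not re-leak the secret. The 3.0-bit entropy cut-off and the sample configuration file are assumptions constructed for this example; the `AKIAIOSFODNN7EXAMPLE` value is the sample key AWS publishes in its own documentation, not a live credential.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Well-known formats for the secret types discussed in the article.
# Each entry is (compiled pattern, minimum Shannon entropy in bits per symbol).
# The RSA header is a fixed string, so it gets no entropy requirement;
# the 3.0-bit threshold for the others is an assumed cut-off for this example.
SECRET_PATTERNS: Dict[str, Tuple[re.Pattern, float]] = {
    "google_api_key": (re.compile(r"AIza[0-9A-Za-z\-_]{35}"), 3.0),
    "google_oauth_id": (
        re.compile(r"[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com"), 3.0),
    "rsa_private_key": (re.compile(r"-----BEGIN RSA PRIVATE KEY-----"), 0.0),
    "aws_access_key_id": (re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])"), 3.0),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per symbol; placeholders like 'XXXX...' score near 0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Keep a short prefix so a finding can be located without re-leaking it."""
    return value[:6] + "..." if len(value) > 6 else value


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, secret_type, redacted_value) for each candidate secret."""
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, (pattern, min_entropy) in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(0)
                # Skip obvious placeholders (e.g. documentation samples of X's).
                if shannon_entropy(value) < min_entropy:
                    continue
                hits.append((lineno, name, redact(value)))
    return hits


def should_block_commit(hits: List[Tuple[int, str, str]]) -> bool:
    """Policy for a pre-commit hook: any confirmed hit blocks the commit."""
    return len(hits) > 0


# Constructed sample file; every value here is made up for this example,
# except the AWS key, which is the sample AWS publishes in its documentation.
SAMPLE_FILE = "\n".join([
    "# constructed sample config, not from any real project",
    'GOOGLE_API_KEY = "AIzaSyB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0uVwX"',
    'DOCS_PLACEHOLDER = "AIza' + "Sy" + "X" * 33 + '"',
    'CLIENT_ID = "123456789012-abcdefghijklmnopqrstuvwxyz012345.apps.googleusercontent.com"',
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    "-----BEGIN RSA PRIVATE KEY-----",
    "MIIEow...",
]) + "\n"


if __name__ == "__main__":
    findings = scan_text(SAMPLE_FILE)
    for lineno, kind, shown in findings:
        print(f"line {lineno}: {kind} ({shown})")
    print("block commit:", should_block_commit(findings))
```

In practice the hook would feed `scan_text` the content of each staged file (for example from `git diff --cached`) and exit non-zero when `should_block_commit` is true; the entropy filter is what keeps documentation placeholders from turning the hook into noise developers learn to bypass.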

As digital transformation drives more development and sharing on GitHub and other developer communities, companies like Microsoft, which owns and is now accountable for securing GitHub, can significantly improve the security of data, databases, and the networks that connect developers with their applications and data by using Privileged Access Management, multi-factor authentication and other increasingly sophisticated measures built on security software designed for the cloud.

To learn more about Ironsphere’s cloud security solutions, download our solution brief.

Similar Blogs

As Cyber Attacks Grow, Data Center Operators Can Bring Value-Added Services to Enterprises Leveraging Cloud-Based Access Management Services


No threat facing businesses today has grown as fast, or in a manner as difficult to understand, as the danger from cyberattacks. Cyber threats are increasing in both volume and sophistication, and as the world continues to become more digital with every passing day, cyber threats will only keep growing in both aspects. As a result, organizations today are turning to robust cybersecurity solutions, such as Privileged Access Management (PAM), to keep both their data and their customers’ data safe.

How Secure Are VPNs? Given Increasing Successful Attacks, It’s Time to Take a Hard Look at PAM for Zero Trust Solutions


Since the early 1990s, VPNs (Virtual Private Networks) have been central to providing remote users with access to the corporate network.
Thirty years later, in 2020, when legislation and population health initiatives mandated work-from-home, bad actors recognized and acted upon their massive opportunity to attack VPNs and initiate data theft and ransomware attacks as applications, in the heat of the moment, moved outside the traditional perimeter.
