Fighting back against automated attacks

Relying on automation – that is, tools using artificial intelligence and machine learning to perform repetitive tasks rapidly and process enormous volumes of data – has become a key strategy in a new campaign by hackers to steal your data.  Hackers can likewise use it to launch countless attacks on system vulnerabilities.  Many of these attacks are perpetrated by bots, which exponentially multiplies the volume of cyber attacks to a previously unknown scale.  Small to medium-sized businesses (SMBs) are particularly vulnerable: in 2022, at least 68% of bots gained access to sensitive data, while the year prior, SMBs received 5.5 times more visits from bots than real users.

In recent months, GitHub, a platform that allows developers to create, store, manage and share their code, has registered anywhere from 100,000 to possibly over a million malicious copycat repositories.  The scheme entails copying and reuploading existing repositories once the bad actors have infected them with malware.  Developers with their plates full can all too easily mistake these shams for the real repo they are trying to download.

The result is unsurprising.  Their own software projects become compromised.  And when rolled out down the line, their clients unwittingly receive a product full of risks.  This in turn can affect customers even further down the line, thus creating an entire supply chain suspended over quicksand.

Another benefit of employing automation is that the cyber criminals can launch a massive barrage of these Trojan horses, similar to the sheer overwhelming volume of a DDoS or credential stuffing attack.  This has the added effect of hindering GitHub’s cleanup efforts.  Though most of the repos get removed within hours of posting, even a 1% remainder that can evade detection among the millions amounts to thousands of repositories of malicious code. 

Furthermore, the privacy offered by a source like GitHub does have the downside of allowing cyber criminals to work more freely.  Indeed, GitHub hosts over 420 million repositories and 100 million developers, according to a spokesperson.  Slipping through the cracks becomes easy for a number of detection targets, which can hide among the vast numbers of repos.  Users logging into GitHub could thus have their PCs very quickly infected by malware, without even knowing.  The same goes for those further down the chain, who will be even more in the dark but just as vulnerable.

Organizations need to have clearly communicated data security policies in place to protect themselves from this sort of threat.  Of course, even the most well-informed postures mean nothing if the data inside is left unencrypted for any hackers who breach the perimeter.  To secure this data, NetLib Security’s Encryptionizer solution offers transparent encryption of stored data across all environments: physical, virtual and cloud.  Cyber threats can lurk in any stage of the supply chain; a strong layer of data encryption that integrates seamlessly with operations and requires no additional programming is a critical defensive component against overwhelming breaches.


By: Jonathan Weicher, posted on March 7, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security