Hackers are increasingly abusing insecure connections between GitHub and third parties, such as API keys and access tokens, to infiltrate organizations and steal data. These connections create supply chain dependencies and other security risks. Organizations need to secure them as carefully as they secure usernames and passwords. This is especially true in the wake of the recent CircleCI breach, in which customer data and encryption keys were stolen.
As a result of the COVID-19 pandemic, many organizations are working with a greater number of remote and third-party collaborators. This means more connections between systems, applications, and workflows, including connections to GitHub and the storage of software there. Securing these connections is critical to avoid vendor lock-in. In recent years, we have seen hackers exploit these connections to gain access to corporate data. The recent CircleCI breach, in which customer data and encryption keys were stolen, is a warning to companies to improve the security of their GitHub connections.
An important aspect to consider is that these connections are made not only to external parties, but also within the organization itself. For example, a developer may create a token to test a new solution and later fail to revoke it (a so-called "set and forget" token). This leaves connections that are no longer in use but remain open, exposing the organization to attack. It is therefore important that organizations are aware of the risks of these connections and monitor and remediate them on a regular basis. A lack of monitoring can also leave permissions in the hands of former users or employees who have since left the organization, potentially granting unauthorized access to anyone who finds the connection. For example, the Slack breach showed how criminals gained access to externally hosted Slack GitHub repositories.
Summary
Supply chain dependencies are a growing concern for organizations, especially when it comes to connections to GitHub and third parties. It is important that organizations are aware of these risks and actively take steps to secure their external connections - think API keys, OAuth tokens and other connections - as rigorously as they protect their passwords. This can be done by implementing multi-factor authentication, new, stronger access tokens, and continuous monitoring of external connections and services. By taking these steps, companies can reduce the risk of vendor lock-in and protect their organizations from attack.
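The regular review of "set and forget" tokens and of credentials left behind by departed users, as an added example that is not part of the original article or of RiskStudio's material: it runs an audit over a constructed inventory of GitHub connections and flags the ones to revoke or review. The record layout and the active-user list are assumptions; in practice the inventory would come from GitHub's credential and deploy-key listings and the user list from the identity provider.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory of GitHub connections (not real data).
# Field names are an assumption, loosely modelled on GitHub's credential
# and deploy-key API responses; "last_used" is None when never used.
NOW = datetime(2023, 2, 1, tzinfo=timezone.utc)
ACTIVE_USERS = {"alice", "bob"}  # constructed list of current employees
CONNECTIONS = [
    {"id": 1, "type": "personal_access_token", "owner": "alice",
     "scopes": ["repo"], "last_used": "2023-01-30T10:00:00Z"},
    {"id": 2, "type": "personal_access_token", "owner": "carol",  # carol has left
     "scopes": ["repo", "admin:org"], "last_used": "2022-10-01T08:12:00Z"},
    {"id": 3, "type": "deploy_key", "owner": "bob",  # created for a test, never used
     "scopes": ["write"], "last_used": None},
    {"id": 4, "type": "oauth_app", "owner": "bob",
     "scopes": ["repo", "read:org"], "last_used": "2022-08-01T00:00:00Z"},
]


def parse_ts(value: str) -> datetime:
    """Parse the ISO 8601 UTC timestamps GitHub uses (e.g. 2023-01-30T10:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(connections, active_users, now, max_idle_days=90):
    """Return findings for connections that should be revoked or reviewed.

    A connection is flagged when its owner is no longer an active user,
    when it has never been used, or when it has been idle longer than
    max_idle_days. Departed owners get "revoke"; everything else "review".
    """
    findings = []
    for conn in connections:
        reasons = []
        if conn["owner"] not in active_users:
            reasons.append("owner no longer active")
        last_used = conn["last_used"]
        if last_used is None:
            reasons.append("never used since creation")
        elif now - parse_ts(last_used) > timedelta(days=max_idle_days):
            reasons.append(f"idle for more than {max_idle_days} days")
        if reasons:
            action = "revoke" if conn["owner"] not in active_users else "review"
            findings.append({"id": conn["id"], "type": conn["type"],
                             "owner": conn["owner"], "scopes": conn["scopes"],
                             "reasons": reasons, "action": action})
    return findings


if __name__ == "__main__":
    for finding in audit(CONNECTIONS, ACTIVE_USERS, NOW):
        print(finding)
```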
Source: securityboulevard.com
Published by RiskStudio