Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities and, as a result, data loss are the reality that DevSecOps teams have to face – every few days, according to GitProtect.io’s latest The State of DevOps Threats Report.
The report investigates the most severe incidents affecting tools like GitHub, GitLab, Bitbucket, or Jira and suggests a list of the best security practices DevSecOps teams should not ignore in the coming months.
The number of incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year. The first quarter of the year was the most active in this regard.
For GitHub, it was the year of RepoJacking: hijacking a dependency by registering a GitHub username or repository name that its original owner has abandoned or renamed, so that references to the old path resolve to attacker-controlled code. Researchers from AquaSec concluded that 9 million repositories could be vulnerable to this attack; the Checkmarx team discovered a GitHub vulnerability that could have exposed over 4,000 packages to RepoJacking; and VulnCheck, investigating the same issue, found that over 15,000 Go module repositories were vulnerable to it.
Hackers also used GitHub to host malware on a legitimate public service and as a dead-drop resolver: the implant fetches a benign-looking page or gist, extracts the real command-and-control (C2) address from it, and only then connects to the attacker's infrastructure. This gave threat actors reliable and inexpensive attack infrastructure that threatened other users and their data.
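As an added example (editor's code, not from the report or from AquaSec, Checkmarx or VulnCheck), here is a Python pre-check a team can run against its own go.mod: for each github.com module path it asks GitHub, without following redirects, whether the repository URL now redirects to a different owner and whether the old owner name returns 404 (i.e. is free to register), which is the condition RepoJacking exploits. The go.mod contents, owners and repositories below are constructed, and `fake_fetcher` stands in for GitHub so the example runs offline; pass `http_fetcher` to `scan_go_mod` for a live check.

```python
"""RepoJacking pre-check for Go dependencies hosted on GitHub.
Editor's example, not the report's or any vendor's code; names below are hypothetical."""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# A fetcher returns (HTTP status, Location header or None) for a URL
# WITHOUT following redirects; the redirect itself is the signal.
Fetcher = Callable[[str], Tuple[int, Optional[str]]]

GITHUB_MODULE = re.compile(r"^github\.com/([^/]+)/([^/]+)")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise HTTPError on 3xx instead of following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetcher(url: str) -> Tuple[int, Optional[str]]:
    """Live fetcher (needs network); a HEAD request is enough to see the redirect."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def parse_go_mod(text: str) -> List[str]:
    """Return module paths from require directives (block form or single line)."""
    paths: List[str] = []
    in_block = False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop comments such as '// indirect'
        if not line:
            continue
        if line == "require (":
            in_block = True
            continue
        if in_block and line == ")":
            in_block = False
            continue
        if line.startswith("require "):
            line = line[len("require "):].strip()
        elif not in_block:
            continue  # module, go, replace, exclude ... are not dependencies
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("v"):
            paths.append(parts[0])
    return paths


def classify_module(module_path: str, fetch: Fetcher) -> str:
    """ok / missing / redirected / repojackable / not-github for one module path."""
    match = GITHUB_MODULE.match(module_path)
    if not match:
        return "not-github"
    owner, repo = match.group(1), match.group(2)
    status, location = fetch(f"https://github.com/{owner}/{repo}")
    if status == 200:
        return "ok"
    if status == 404:
        return "missing"  # the dependency cannot be fetched at all
    if status in (301, 302) and location:
        target = re.match(r"https://github\.com/([^/]+)/([^/]+)", location)
        if target and target.group(1).lower() != owner.lower():
            # Repo moved to another owner. GitHub serves the redirect only until
            # someone re-creates <owner>/<repo>; if the old owner name is free
            # (profile URL returns 404) anyone can register it and do exactly that.
            owner_status, _ = fetch(f"https://github.com/{owner}")
            if owner_status == 404:
                return "repojackable"
        return "redirected"  # renamed under the same owner, or old owner still exists
    return f"unexpected-{status}"


def scan_go_mod(text: str, fetch: Fetcher = http_fetcher) -> Dict[str, str]:
    """Map every required module path to its classification."""
    return {path: classify_module(path, fetch) for path in parse_go_mod(text)}


# Constructed sample go.mod (hypothetical modules) and an offline stand-in for GitHub.
SAMPLE_GO_MOD = """\
module example.com/app

go 1.21

require (
    github.com/oldorg/lib v1.2.0
    github.com/alive/tool v0.3.1 // indirect
    github.com/alive/oldname v2.0.0+incompatible
    github.com/gone/pkg v0.1.0
    golang.org/x/text v0.14.0
)
"""

_FAKE_GITHUB = {
    "https://github.com/oldorg/lib": (301, "https://github.com/neworg/lib"),
    "https://github.com/oldorg": (404, None),  # old owner name is free to register
    "https://github.com/alive/tool": (200, None),
    "https://github.com/alive/oldname": (301, "https://github.com/alive/newname"),
    "https://github.com/alive": (200, None),
    "https://github.com/gone/pkg": (404, None),
}


def fake_fetcher(url: str) -> Tuple[int, Optional[str]]:
    """Offline fetcher: answers from the constructed table above."""
    return _FAKE_GITHUB.get(url, (404, None))
```

Running `scan_go_mod(SAMPLE_GO_MOD, fake_fetcher)` flags `github.com/oldorg/lib` as repojackable, reports `github.com/alive/oldname` as merely redirected (same owner) and `github.com/gone/pkg` as missing. One caveat: GitHub retires the namespaces of some popular renamed repositories, so a free owner name does not guarantee the old path can actually be re-created; treat "repojackable" as a lead to verify, and pin the dependency to the new path regardless.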
Atlassian classified about one-third of its incidents as major impact, meaning users experienced them in some way. The number of incidents affecting Bitbucket in 2023 decreased slightly, by only 2.04%, compared to the previous year. Jira users, however, could experience 50% more incidents than the year before, 75 in total, which works out to one incident roughly every five days.
Last year, Atlassian struggled mostly with high-severity flaws carrying CVSS scores above 9, among them a template injection vulnerability and critical Remote Code Execution (RCE) bugs. Atlassian also fell victim to an attack on one of its employees that resulted in a leak of the company's internal data.
About 32% of GitLab events were recognised as affecting service performance, preventing customers from using the service at full capacity.
In August, unpatched GitLab instances fell victim to a sophisticated attack that not only undermined the affected instances' security but also enabled a novel Proxyjacking scheme (selling the victim's bandwidth through proxy services). The attackers first gained access to the container through CVE-2021-22205 (CVSS score of 10.0), a remote code execution flaw that could ultimately open the door to ransomware, data theft and other follow-on attacks.
What was GitLab's security advice? To follow the organisation's Security Incident and Disaster Recovery processes: take the compromised instance out of service and restore the latest known-good backup to a new GitLab instance.
Among other significant events, we can mention RCE flaws, a social engineering campaign that targeted the personal accounts of technology companies’ employees, critical account takeover flaws in GitLab, and more.
The report also analyses the most serious incidents of all time, including the infamous Atlassian outage that lasted over two weeks, the GitLab database incident caused by human error that resulted in the loss of data from over 5,000 projects and 700 new users, and the ransom attack in which repositories were wiped on all three vendors' platforms.