Major IT, crypto firms exposed to supply chain compromise via new class of CI/CD attack
ReversingLabs
Welcome to the latest edition of Chainmail: Software Supply Chain Security News, which brings you the latest software supply chain security headlines from around the world, curated by the team at ReversingLabs.
This week: A new proof of concept showcases a never-before-seen class of CI/CD attack that exploits self-hosted GitHub Actions runners. Also: Digging into the OWASP AI Exchange.
This Week’s Top Story
Major IT, crypto firms exposed to supply chain compromise via new class of CI/CD attack
Security researcher Adnan Khan discovered a new class of CI/CD (continuous integration/continuous delivery) attacks that could impact thousands of public GitHub repositories. The attack abuses self-hosted GitHub Actions runners: workflows triggered by fork pull requests can run malicious code on them, which represents a major software supply chain risk. Khan shared that anyone with a GitHub account who knows how to change the workflow to create a pull request is capable of running arbitrary code on a self-hosted runner.
To carry out this kind of CI/CD attack, a threat actor has to discover a repository of interest that has a self-hosted runner attached to it. Then, the attacker needs to use a fork pull request to become a contributor to the repository, allowing them to run their desired workflows on the repository’s runner without the approval of the repository maintainers. Also concerning is that if there is a default fork pull request approval requirement for the repository, the attacker only needs to be approved once by the maintainer to get continued access to the repository. This means that an attacker could execute code on the runner and set up persistence without arousing suspicion among the legitimate repository maintainers.
Khan performed a proof of concept using this same attack flow to gain persistent access to GitHub’s own actions/runner-images repository. With this access, the researcher could have poisoned Windows and macOS runner images. Khan had access to the repository for five days in July 2023, and reported the issue to GitHub once he proved his persistent access. GitHub rewarded him with a $20,000 bounty for finding and reporting the issue.
It was after this successful proof of concept that Khan worked with fellow researcher John Stawinski to detect every public repository on GitHub vulnerable to this class of attack. The pair managed to discover thousands of repositories, many of them maintained by advanced tech companies in the AI/ML or Web3 space. According to Stawinski, “These companies have invested hundreds of thousands of dollars into security and sport some of the best-funded bug bounty programs. Yet, they were in the dark on these new attacks.”
GitHub’s actions/runner-images repository wasn’t the only one subject to this kind of attack. The researchers also discovered that they had the ability to compromise much more, including PyTorch and Microsoft DeepSpeed releases, as well as a Cloudflare application.
To avoid this kind of attack, organizations with public repositories are advised to change their default repository settings so that all outside contributions need to be approved by the legitimate maintainers. (Security Week)
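For maintainers acting on that advice, a first-pass inventory of which workflow files reference self-hosted runners, and whether pull requests trigger them, can be scripted. The sketch below is an added example, not code from Khan, GitHub or ReversingLabs; it uses a simplified line-based reader rather than a full YAML parser, and the function names and the SAMPLE workflow are constructed for illustration.

```python
import re

PR_EVENTS = {"pull_request", "pull_request_target"}  # events a pull request raises
HOSTED = re.compile(r"^(ubuntu|windows|macos)-")     # GitHub-hosted label prefixes

def indent(line):
    return len(line) - len(line.lstrip())

def block_after(lines, i):
    """Lines nested under the key on line i (blank and comment lines skipped)."""
    base, body = indent(lines[i]), []
    for line in lines[i + 1:]:
        text = line.strip()
        if text and not text.startswith("#"):
            # YAML allows "- item" at the same indentation as its parent key.
            if indent(line) < base or (indent(line) == base and text[:2] != "- "):
                break
            body.append(line)
    return body

def values(lines, i):
    """Values of the key on line i: scalar, [flow list], block list or mapping keys."""
    inline = lines[i].split(":", 1)[1].split(" #")[0].strip()
    if inline:
        return [v.strip(" '\"") for v in inline.strip("[]").split(",") if v.strip()]
    body = block_after(lines, i)
    first = min((indent(b) for b in body), default=0)
    return [b.strip().lstrip("- ").split(":")[0].strip(" '\"")
            for b in body if indent(b) == first]

def audit(workflow_text):
    """Return (line, labels, pr_events) for each job not on a GitHub-hosted label."""
    lines = workflow_text.splitlines()
    events, findings = set(), []
    for i, line in enumerate(lines):
        if re.match(r"""['"]?on['"]?\s*:""", line):   # top-level `on:` key only
            events |= set(values(lines, i)) & PR_EVENTS
    for i, line in enumerate(lines):
        if line.strip().startswith("runs-on:"):
            labels = values(lines, i)
            if "self-hosted" in labels or not any(HOSTED.match(x) for x in labels):
                findings.append((i + 1, labels, sorted(events)))
    return findings

# Constructed sample workflow, not taken from any real repository.
SAMPLE = ("on:\n  push:\n  pull_request:\n"
          "jobs:\n  lint:\n    runs-on: ubuntu-latest\n"
          "  build:\n    runs-on: [self-hosted, linux, x64]\n")
print(audit(SAMPLE))
```

Labels that are expressions or runner groups are reported too, since this heuristic cannot tell where they resolve; treat the output as a list of files to review, with the approval setting remaining the actual control.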
This Week’s Headlines
How will SBOMs help secure the IoT device environment?
Due to the increasing use of open-source libraries and third-party code in today’s software products, IoT device users must clearly understand their software supply chains. Learn how Software Bills of Materials (SBOMs) can become an essential tool for securing IoT devices in this article from Michael Amiri of ABI Research. (Spiceworks)
Digging into the OWASP AI Exchange
Resilient Cyber’s Chris H. discusses the Open Web Application Security Project’s (OWASP) AI Exchange, a new resource that can help cyber practitioners level up their AI security skills. The OWASP AI Exchange is an open source, collaborative effort to progress the development and sharing of global AI security standards, regulations and knowledge. It also includes a list of AI threats, vulnerabilities and controls. (Resilient Cyber)
Cybersecurity leaders are burned out. Here's why.
In a new article, analyst firm Gartner shares the results of a survey it conducted from June to July 2023 of 178 information security and IT leaders responsible for cybersecurity. It found that cybersecurity leaders face unique stressors, raising the potential risk of burnout. Also, most cybersecurity leaders who do experience burnout don’t tell their managers, for fear of negative consequences. (Gartner)
How to protect your business from the next API breach
Jason Kent, Hacker in Residence at Cequence Security, explores vital lessons from recent API breaches, such as those at Duolingo and Honda, in this article. APIs serve as the essential building blocks of modern software applications. To showcase the importance of securing them, Kent cites what went wrong in both of these breaches and what steps practitioners can take to start securing their API usage. (Spiceworks)
What should be in a company-wide policy on low-code/no-code development
Low-code/no-code development could bridge the gulf of development backlogs between great ideas and great execution. But not without security policies around areas like access control, code quality, and application visibility. Ericka Chickowski highlights the policies an organization needs in place to have a secure low-code/no-code development environment. (CSO)
Resource Roundup
Webinar | Mitigating Software Supply Chain Risks
On Demand
Watch this great discussion between Richard Melick and Saša Zdjelar about the recent guidance from Gartner to help organizations protect themselves from software supply chain attacks. [Watch Now]
Blog | The evolution of AppSec: 4 key changes required for a new era
In 2024, application security must make a giant leap forward to modern practices and tooling in order to cope in a new era of software supply chain attacks. Here are four necessary changes. [Read Now]