
Malware and GitHub As Attack Vectors


News, Antara News – Attacker code can inflict damage in many forms. Malware, short for malicious software, can steal data from systems and networks, encrypt data for ransom, or disrupt the delivery of services.

Threat actors can spread malware through email attachments, instant messaging or P2P file-sharing services. They can also plant it inside popular programming utilities to spread it further.

GitHub Repository

GitHub is a vital platform for collaborative software development, which makes it an attractive attack vector for threat actors. Security research teams have seen an upsurge of “repo confusion” attacks, which first appeared midway through 2017. In this attack, the actor clones legitimate repositories, infects them, uploads them to GitHub under identical names, automatically forks them thousands of times and covertly advertises the malicious repositories across various forums and apps. Unsuspecting developers who use a compromised repository unwittingly trigger a hidden payload that unpacks seven layers of obfuscation, extracts malicious Python code and an executable binary, and begins harvesting sensitive information such as login credentials and browser cookies for transmission to an attacker’s command and control server.

Thankfully, GitHub usually deletes these forked repositories within hours of upload. However, its automated detection misses many such forks, and even a one percent miss rate can leave thousands of compromised repositories active on the platform.
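The defensive counterpart to repo confusion is checking where a dependency actually comes from rather than trusting the repository name. The following script is an added example, not code from the original article: it parses GitHub URLs from a pip-style requirements file and classifies each one against a constructed allowlist of vetted "owner/name" repositories, flagging same-name-different-owner clones (the repo confusion pattern) and near-miss names separately. The allowlist entries and sample requirements are hypothetical.

```python
import re
from difflib import SequenceMatcher

# Repositories the organisation has vetted, as "owner/name" (constructed allowlist).
TRUSTED_REPOS = {
    "example-org/build-tools",
    "example-org/auth-lib",
}

# Matches https and ssh GitHub URLs, with or without a trailing ".git".
_URL_RE = re.compile(
    r"(?:https?://|git@)github\.com[/:](?P<owner>[\w.-]+)/(?P<name>[\w.-]+?)(?:\.git)?/?$"
)

def parse_github_url(url: str):
    """Return (owner, name) in lower case for a GitHub URL, or None if it is not one."""
    m = _URL_RE.search(url.strip())
    return (m.group("owner").lower(), m.group("name").lower()) if m else None

def classify_repo(url: str, trusted=TRUSTED_REPOS) -> str:
    """Classify a dependency URL relative to the allowlist:
    'trusted'        exact owner/name match
    'repo-confusion' same name as a trusted repo but a different owner
    'lookalike'      name very close to a trusted repo's name (possible typosquat)
    'unknown'        no relation to any trusted repo
    'not-github'     the URL does not point at GitHub at all
    """
    parsed = parse_github_url(url)
    if parsed is None:
        return "not-github"
    owner, name = parsed
    if f"{owner}/{name}" in trusted:
        return "trusted"
    trusted_names = {t.split("/")[1] for t in trusted}
    if name in trusted_names:
        return "repo-confusion"
    if any(SequenceMatcher(None, name, t).ratio() >= 0.85 for t in trusted_names):
        return "lookalike"
    return "unknown"

def audit_requirements(text: str) -> dict:
    """Scan pip-style 'pkg @ git+<url>' lines (or bare URLs) and return {url: verdict}."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        url = line.split("@", 1)[1].strip() if " @ " in line else line
        url = url[4:] if url.startswith("git+") else url  # drop pip's VCS prefix
        url = url.split("#", 1)[0]                        # drop "#egg=..." fragments
        findings[url] = classify_repo(url)
    return findings
```

A verdict of "repo-confusion" is the case the article describes: the name matches a repository you trust, but the owner does not.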

Phishing Templates

With phishing attacks increasing in prevalence, it is essential that employees learn to identify potential red flags through security awareness training. Use our phishing templates to evaluate the effectiveness of cybersecurity awareness among your staff by simulating domain spoofing, typosquatting and the attack types hackers have found most successful. Each template comes complete with microlearning that reinforces the specific red flags employees should look out for when responding to emails.

Clone phishing is an email-based social engineering tactic in which criminals craft counterfeit emails from service providers such as Internet service providers or software vendors. The email convinces the recipient that there is a security concern requiring them to update their information, often in the guise of a security alert or software update notification whose links install malware on the device.

Brand spoofing is an increasingly prevalent scam where criminals send an email that mimics a well-known brand to collect sensitive data such as passwords or credit card numbers. Our phishing templates contain many variations of these tactics so you can create more comprehensive tests.

Fake GitHub Accounts

Threat actors have employed over 3,000 fake GitHub accounts to operate a malware distribution-as-a-service known as the Stargazers Ghost Network, spreading information-stealing malware such as Atlantida Stealer, Rhadamanthys, Lumma Stealer and RedLine at scale – earning attackers illicit profits of $100k or more each year.

Threat actors also forged a network of GitHub accounts and Twitter profiles claiming to be security researchers at an imaginary firm called High Sierra Cyber Security, even using headshots of real security researchers from companies such as Rapid7 to lend the scam credibility.

By creating fake accounts and posting malicious repositories and links on GitHub, PyPI and npm, this threat actor mounted software supply chain attacks. When someone clicked to download a malicious repository, they were redirected to a compromised WordPress website that served an HTML Application (HTA) file containing VBScript code; this code then launched two PowerShell scripts, which deployed Atlantida Stealer on the victim’s system.
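The infection chain just described (an HTA file launching PowerShell) leaves a recognisable parent-child signature in process-creation telemetry, because HTA files are executed by Windows' mshta.exe host. The following detection script is an added example, not code from the original article or from any vendor: it parses a few constructed Sysmon-style process-creation records (not real telemetry) and flags every powershell.exe whose ancestry includes mshta.exe, returning the full chain so an analyst can see how the shell was reached.

```python
import re

# Constructed process-creation events in a simplified key=value form
# (hypothetical sample data, not real telemetry). ppid links a process to its parent.
SAMPLE_EVENTS = """\
pid=4100 ppid=3000 image=C:\\Program Files\\Browser\\browser.exe cmd="browser.exe"
pid=4212 ppid=4100 image=C:\\Windows\\System32\\mshta.exe cmd="mshta.exe C:\\Users\\u\\Downloads\\repo.hta"
pid=4300 ppid=4212 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe -w hidden -nop -File stage1.ps1"
pid=4310 ppid=4300 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe -nop -File stage2.ps1"
pid=5000 ppid=3000 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe Get-Process"
"""

_LINE_RE = re.compile(r'pid=(\d+) ppid=(\d+) image=(.+?) cmd="(.*)"$')

def parse_events(text: str) -> dict:
    """Parse key=value records into {pid: {"ppid", "image", "cmd"}}; skips malformed lines."""
    events = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            pid, ppid, image, cmd = m.groups()
            events[int(pid)] = {"ppid": int(ppid), "image": image, "cmd": cmd}
    return events

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def ancestry(events: dict, pid: int, limit: int = 8) -> list:
    """Image names from pid upwards: [self, parent, grandparent, ...], bounded by limit."""
    chain = []
    while pid in events and len(chain) < limit:
        chain.append(basename(events[pid]["image"]))
        pid = events[pid]["ppid"]
    return chain

def find_hta_powershell_chains(events: dict) -> dict:
    """Return {pid: ancestry} for every powershell.exe that descends from mshta.exe."""
    hits = {}
    for pid, ev in events.items():
        if basename(ev["image"]) != "powershell.exe":
            continue
        chain = ancestry(events, pid)
        if "mshta.exe" in chain[1:]:   # look at ancestors only, not the process itself
            hits[pid] = chain
    return hits
```

The second-stage shell (pid 4310) is caught too, because the check walks the whole ancestry rather than only the immediate parent; the administrator's interactive PowerShell (pid 5000) is not flagged.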

Malware Spread

Cybercriminals use malware to gain unauthorized access to and undermine computer systems: stealing confidential data, corrupting files and programs, disabling systems or launching DDoS attacks.

Cybercriminals have long used social media and compromised websites as platforms for spreading malware, relying on deceptive email chains and other techniques to trick employees into clicking malicious links or downloading suspicious files. Modern organizations need cybersecurity software and procedures that block such threats before they reach employee inboxes.

GitHub has been used as an outlet for malicious repositories, including the Mirai botnet that launched massive DDoS attacks during the COVID-19 pandemic. This threat will only grow as more devices come online with no thought given to network security. Organizations should follow NCSC guidance on protecting their business against malware infections and on the mitigation steps to take should an infection occur, including backing up data to minimize the potential damage. It is especially important that smaller organisations consult this advice, since they are far more vulnerable to malware infections.