Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io.

DevSecOps

The possibility to integrate security in development processes has given rise to DevSecOps, where development and operations teams work together with security teams and all their processes are converged. In DevSecOps, security is not an afterthought but a fundamental component integrated from the outset of the software development lifecycle.

Yet, as with all technological advancements, the journey of DevSecOps is not without its challenges. The rapid pace of DevOps, combined with the complexities of modern cyber threats, demands a proactive and informed approach. Organizations must be vigilant, agile, and collaborative, ensuring that every team member, from developers to security analysts, plays their part in fortifying the software development lifecycle.

In 2023, the number of events with the greatest negative impact on the operation of DevOps services – GitHub, Bitbucket, GitLab, and Jira – did not exceed 14%:

• GitHub recorded 13.94% events
• Bitbucket 8,33%
• GitLab 7,89%
• Jira only 4%

Most issues affected components’ operation, resulting in degraded performance at various levels.

A year of RepoJacking

The incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year. The first quarter of the year was the most active in this regard.

For GitHub, it was a year of a methodology called RepoJacking. Researchers from AquaSec concluded that 9 million repos could be vulnerable to this attack, the Checkmarx team discovered that GitHub’s vuln could have exposed over 4K packages to RepoJacking, and finally, VulnCheck had been investigating this issue and found out that over 15K Go module repos were vulnerable to this kind of an attack.

Hackers also used GitHub for hosting malware on a legitimate public service and used it as a dead-drop resolver to retrieve the real command-and-control (C2) address, giving a threat actor the green light to create an attack infrastructure that was reliable and inexpensive, and threatened other users and their data.

About one-third of incidents Atlassian recognized as the major impact, which means that users experienced their occurrence in some ways. The number of incidents related to Bitbucket in 2023 decreased slightly compared to the previous year but we are talking about a difference of 2.04%. Unfortunately, Jira users could experience 50% more incidents than a year before – 75 events in total. It gives us worrying statistics of one incident every 5 days.

Last year Atlassian struggled mostly with high-severity flaws, with CVSS scores over 9 – template injection vulnerability or critical Remote Code Execution (RCE) bugs – just to name a few. Atlassian also fell victim to an attack on one of its employees, which resulted in the leak of the company’s internal data.

Service performance issues impact GitLab customers

About 32% of events in GitLab were recognized as having an impact on service performance, preventing customers from performing with full capabilities.

The most active months were June and August (10 events per month). In June, there was 1 service disruption event and 4 smaller tagges as partial disruptions.

In August GitLab fell victim to a highly skilled assault that not only undermined the service provider’s security but also made an innovative Proxyjacking scheme possible. Initially, the attackers managed to gain access to the container using the CVE-2021-22205 vulnerability flaw (CVSS score of 10.0) which could ultimately open the door for ransomware, data theft, and other follow-on attacks. What was GitLab’s security advice? Of course, to follow the organization’s security incident and disaster recovery processes to revoke the compromised instance and restore the latest good working backup to a new GitLab instance.

Among other significant events, we can mention RCE flaws, a social engineering campaign that targeted the personal accounts of technology companies’ employees, critical account takeover flaws in GitLab, and more.

Researchers noticed that threat actors started using GitHub for their malicious purposes and reported that “lately, we have observed the increasing use of the GitHub open-source development platform for hosting malware.” The novel methods that the malicious actors used included leveraging secret Gists and issuing malicious commands via git commit messages. So, the trick was that they could host their malware on a legitimate public service and use it as a dead-drop resolver to retrieve the real command- and-control (C2) address.

These techniques permitted hostile actors to conceal their malicious network traffic inside of legitimate communications on a compromised network. In this case, it would be difficult to identify and address the threats quickly and effectively. Consequently, the infected endpoint corresponding with a GitHub repository might not be reported as a suspicious one, giving a threat actor the green light to create an attack infrastructure that was reliable and inexpensive, and threatened other users and their data.

What are some DevOps security challenges?

DevOps security issues and challenges usually appear from developers and operations teams being on different pages with security teams.

Developers want to push their software into the pipeline as fast as possible while security teams are all about intergating security and squashing every last vulnerability and bug they can find. And that’s reasonable, as without a well-defined network perimeter and measures on integrating security at every stage of the development process for secure software, an organization has to deal with cybersecurity threats, data breaches, and data loss.

So, the next time instead of asking “Why protect DevOps data?”, just think of data loss and hours of interrupted business continuity.