localliner.blogg.se

Dropbox password repository













With open source Falco, the cloud-native runtime security project, we can address some of the GitHub security flaws that lead to a breach. The Falco libraries and Falco itself can be extended with plugins, and Falco plugins let us extend Falco's threat detection across cloud environments and third-party services such as GitHub.


It's important to note that CircleCI phishing attempts are not a brand new occurrence. Three weeks prior to the attack, GitHub warned of phishing campaigns that involved impersonation of CircleCI. Dropbox was a victim of this existing campaign, in which the phishing emails masqueraded as real CircleCI emails. While education around phishing emails is important to prevent another Dropbox-style breach from happening to your business or organization, there are many other ways that adversaries can gain access to your GitHub accounts.


On November 1st, Dropbox disclosed a security breach in which attackers stole over 130 code repositories after gaining access to one of the employees' GitHub accounts, using credentials stolen from that employee in a well-designed phishing attack. Dropbox employees use their GitHub accounts to access Dropbox's private code repos, and their GitHub login details also get them into CircleCI. If an attacker obtains a Dropbox engineer's GitHub login details by pretending to be CircleCI (via a sophisticated phishing attack in which they spoofed an email address), they can use that information to get into the Dropbox GitHub organization and then exfiltrate data from those private Git repos.













