
“The State of DevOps Threats Report” from GitProtect.io/Xopero Software

Rising DevOps threats landscape - teams affected every few days

From GitProtect.io (Xopero Software SA)

Building DevSecOps awareness is a team effort, so GitProtect.io from Xopero Software SA prepared a report focusing solely on practical examples and use cases, which provide only the best [and tested] recommendations.


Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities and, as a result, data loss are the reality that DevSecOps teams have to face, sometimes even every few days.

GitProtect.io, a DevOps backup and DR provider, presents studies of the most severe incidents affecting tools such as GitHub, GitLab, Bitbucket and Jira.

The State of DevOps Threats Report sheds light on the most critical cybersecurity incidents of all time concerning DevOps organizations, recalling the most controversial headlines. It is research on the number and size of incidents that occurred in the past year at GitHub, GitLab and Atlassian. However, so as not to leave readers with only a sense of threat, the authors have prepared a list of the best security practices DevSecOps teams should not ignore in the coming months.

Number of incidents in GitHub grew over 20% Y/Y
The number of incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year. The 1st quarter of the year was the most active in this regard.

For GitHub, it was the year of a technique called ‘RepoJacking’. Researchers from AquaSec concluded that 9 million repos could be vulnerable to this attack, the Checkmarx team discovered that a GitHub vulnerability could have exposed over 4K packages to RepoJacking, and finally VulnCheck investigated the issue and found that over 15,000 Go module repos were vulnerable to this kind of attack.
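RepoJacking relies on GitHub's handling of renamed or deleted accounts: once an owner name is freed, a dependency that still points at the old `github.com/<owner>/<repo>` path can be served by whoever re-registers that name. The defensive check is therefore to audit your own dependency list for GitHub modules whose declared owner no longer matches the canonical one. The script below is an added example written for this page, not code from GitProtect.io or from the cited researchers; it parses `go.mod` `require` entries and flags exposed modules. The lookup is injected as a `resolve` callback so it runs offline with a constructed `go.mod` and a constructed redirect table; a real run would follow the HTTP redirect for `https://github.com/<owner>/<repo>` and compare the final owner.

```python
"""Audit a go.mod for RepoJacking exposure (added example, not from the report).

A github.com dependency is flagged when the declared owner/repo either no
longer exists (404, name may be claimable) or redirects to a different
owner (the old owner name has been freed and may be claimable).
"""
import re
from typing import Callable, Optional

# Captures <owner> and <repo> from module paths such as
# github.com/owner/repo, github.com/owner/repo/v2 or github.com/owner/repo/sub
GITHUB_MODULE = re.compile(r"^github\.com/([^/\s]+)/([^/\s]+)")

# Canonical (owner, repo) after redirects, or None when the repo is gone.
Resolver = Callable[[str, str], Optional[tuple[str, str]]]


def parse_go_mod(text: str) -> list[str]:
    """Return module paths from single-line and block `require` statements."""
    mods: list[str] = []
    in_block = False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        if line == "require (":
            in_block = True
        elif in_block and line == ")":
            in_block = False
        elif in_block:
            mods.append(line.split()[0])  # "<path> <version>"
        elif line.startswith("require "):
            mods.append(line.split()[1])  # "require <path> <version>"
    return mods


def repojacking_exposure(go_mod_text: str, resolve: Resolver) -> list[tuple[str, str]]:
    """Return (module path, reason) for every GitHub module at risk."""
    findings: list[tuple[str, str]] = []
    for path in parse_go_mod(go_mod_text):
        m = GITHUB_MODULE.match(path)
        if not m:
            continue  # non-GitHub module: outside the scope of this check
        owner, repo = m.group(1), m.group(2)
        canonical = resolve(owner, repo)
        if canonical is None:
            findings.append((path, "owner/repo no longer exists; name may be claimable"))
        elif canonical[0].lower() != owner.lower():
            findings.append(
                (path, f"redirects to {canonical[0]}/{canonical[1]}; old owner name may be claimable")
            )
    return findings


# Constructed sample go.mod (owners and repos are invented for this example).
SAMPLE_GO_MOD = """\
module example.com/app

go 1.21

require github.com/acme-old/widgets v1.4.0

require (
    github.com/stable-org/lib v2.0.1 // indirect
    github.com/gone-user/tool v0.3.0
    golang.org/x/text v0.14.0
)
"""

# Constructed stand-in for GitHub redirect lookups.
FAKE_REDIRECTS: dict[tuple[str, str], Optional[tuple[str, str]]] = {
    ("acme-old", "widgets"): ("acme-new", "widgets"),  # account renamed
    ("stable-org", "lib"): ("stable-org", "lib"),      # unchanged
    ("gone-user", "tool"): None,                        # account deleted
}


def fake_resolve(owner: str, repo: str) -> Optional[tuple[str, str]]:
    """Offline resolver used in place of an HTTP request to github.com."""
    return FAKE_REDIRECTS.get((owner, repo))


if __name__ == "__main__":
    for module_path, reason in repojacking_exposure(SAMPLE_GO_MOD, fake_resolve):
        print(f"{module_path}: {reason}")
```

Running it against the constructed input flags `github.com/acme-old/widgets` (owner renamed) and `github.com/gone-user/tool` (owner deleted) while leaving the unchanged module and the non-GitHub module alone; the remediation for a flagged entry is to repoint the dependency at the canonical owner and pin it by version and checksum.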

Attackers also abused GitHub, a legitimate public service, to host malware and as a dead-drop resolver for retrieving the real command-and-control (C2) address. This gave threat actors reliable and inexpensive attack infrastructure that threatened other users and their data.

1/3 of Atlassian incidents were major impact. Jira users were affected every 5 days.
Atlassian classified about 1/3 of its incidents as major impact, meaning that users experienced them in some way. The number of incidents related to Bitbucket in 2023 decreased slightly compared to the previous year, but we are talking about a difference of 2.04%. Unfortunately, Jira users could experience 50% more incidents than a year before – 75 events in total. That gives the worrying statistic of one incident every 5 days.

Last year Atlassian struggled mostly with high-severity flaws with CVSS scores over 9 – a template injection vulnerability and critical Remote Code Execution (RCE) bugs, to name a few. Atlassian also fell victim to an attack on one of its employees, which resulted in a leak of the company’s internal data.

32% of events in GitLab impacted service performance and customers
About 32% of events in GitLab were recognized as having an impact on service performance, preventing customers from working at full capacity.

In August GitLab fell victim to a highly skilled attack that not only undermined the service provider’s security but also enabled an innovative Proxyjacking scheme. Initially, the attackers gained access to the container by exploiting the CVE-2021-22205 vulnerability (CVSS score of 10.0), which could ultimately open the door to ransomware, data theft, and other follow-on attacks. What was GitLab’s security advice? Of course, to follow the organization’s Security Incident and DR processes: revoke the compromised instance and restore the latest known-good backup to a new GitLab instance.

Among other significant events, we can mention RCE flaws, a social engineering campaign that targeted the personal accounts of technology companies’ employees, critical account takeover flaws in GitLab, and more.

The report also analyzes the most serious incidents of all time, including the infamous Atlassian outage that lasted over 2 weeks, the GitLab database incident caused by human error that resulted in the loss of data from over 5,000 projects and 700 new users, and the ransomware attack and repository wipes affecting all 3 vendors. All of this is covered with a detailed explanation, a case study description, and recommendations for the future.

Addressing security risks – DevOps security best practices for 2024
Speaking of recommendations, the study describes in-depth security measures for protecting DevOps tool users’ data, such as penetration testing and automated continuous security monitoring, least privilege principles, vulnerability management and, above all, best practices for DevOps data backup and DR prepared by GitProtect.io cybersecurity experts and available in The State of DevOps Threats Report (registration required).
