It Takes Hackers One Minute to Find and Abuse Credentials Exposed on GitHub
MrPlow wrote in with a submission, via IRC, for SoyCow639.
It Takes Hackers 1 Minute To Find And Abuse Credentials Exposed On Github - Comparitech:
Developers routinely use GitHub to back up, share, and manage changes to code. GitHub code repositories are usually public, meaning anyone can find and access code that's been uploaded to the site. And all too often, developers forget to remove sensitive data from their code before putting it on GitHub.
[...] But how long does it take for attackers to find data once it's exposed, and what do they do with it? Comparitech researchers sought to find answers to these questions by setting up a honeypot.
Our researchers created multiple accounts on Amazon Web Services (AWS) and GitHub. They then published user credentials such as AWS IDs and secret keys in public GitHub repositories. Using the AWS CloudTrail service, they then watched and logged attackers who used the credentials to access our AWS servers.
Researchers set up the dummy accounts with programmatic access but no permissions to prevent the attackers from impacting our AWS infrastructure. The user was assigned a policy with full access to any part of the AWS elastic cloud service (AmazonEC2FullAccess).
The AWS Athena service was used to search and query the logs of attacks by time, event, and IP address.
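The kind of analysis described above (decoy-key use broken down by time, event, and IP address), as an added Python example that is not part of the Comparitech article or its tooling. The log records, publication time, and function names are constructed for illustration; the field names follow the CloudTrail record format.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample data: key IDs are AWS documentation examples,
# IP addresses come from the RFC 5737 documentation ranges.
DECOY_KEY = "AKIAIOSFODNN7EXAMPLE"
PUBLISHED_AT = "2020-01-01T12:00:00Z"  # assumed time the key hit the public repo
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2020-01-01T12:09:40Z", "eventName": "DescribeRegions",
     "sourceIPAddress": "198.51.100.23", "userIdentity": {"accessKeyId": DECOY_KEY}},
    {"eventTime": "2020-01-01T12:01:02Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"accessKeyId": DECOY_KEY}},
    {"eventTime": "2020-01-01T12:01:05Z", "eventName": "RunInstances",
     "sourceIPAddress": "203.0.113.7", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"accessKeyId": DECOY_KEY}},
    {"eventTime": "2020-01-01T12:00:30Z", "eventName": "ListBuckets",
     "sourceIPAddress": "192.0.2.10",  # unrelated key, must be ignored
     "userIdentity": {"accessKeyId": "AKIAI44QH8DHBEXAMPLE"}},
]})

def parse_ts(value):
    """CloudTrail timestamps are UTC in ISO 8601 form, e.g. 2020-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def decoy_activity(log_text, key_id, published_at):
    """Group every API call made with the decoy key by source IP."""
    start = parse_ts(published_at)
    by_ip = defaultdict(lambda: {"first_seen_s": None, "events": []})
    records = json.loads(log_text).get("Records", [])
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if rec.get("userIdentity", {}).get("accessKeyId") != key_id:
            continue
        entry = by_ip[rec["sourceIPAddress"]]
        if entry["first_seen_s"] is None:  # records are sorted, so this is the earliest
            delay = parse_ts(rec["eventTime"]) - start
            entry["first_seen_s"] = int(delay.total_seconds())
        entry["events"].append((rec["eventName"], rec.get("errorCode", "ok")))
    return dict(by_ip)

def time_to_first_use(activity):
    """Seconds from publication to the first call made with the decoy key."""
    return min((v["first_seen_s"] for v in activity.values()), default=None)

if __name__ == "__main__":
    activity = decoy_activity(SAMPLE_LOG, DECOY_KEY, PUBLISHED_AT)
    print("first use after", time_to_first_use(activity), "seconds")
    for ip, info in sorted(activity.items(), key=lambda kv: kv[1]["first_seen_s"]):
        print(ip, info["first_seen_s"], info["events"])
```

Any call at all on a key that no legitimate system uses is worth alerting on, so the same filter can drive a detection rule as well as after-the-fact analysis.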