Microsoft’s GitHub is being abused by hackers and ransomware groups. But can it be fixed?

With hackers abusing GitHub to perpetuate their attacks, Microsoft should use AI to clean up its industry-leading software-sharing platform.


What you need to know

With CES wrapping up, the entire corporate world is focused on AI and how it can make these corporations more money. There have been a lot of promises about how AI can facilitate a safer digital world, but I have yet to see much fruit from such talk. The Insikt Group, the threat research team of Recorded Future, released a report today discussing how GitHub is increasingly used for malicious infrastructure by threat actors and Advanced Persistent Threats (APTs).

This issue in and of itself is a problem and worthy of news, but it seems to me that this is the perfect opportunity for Microsoft to show the world what it can do. It reminds me of the cheating epidemic in games like Activision’s Call of Duty Warzone. Activision had to build a bespoke machine-driven anti-cheat system called Ricochet, which repeatedly bans thousands of cheaters. Similarly, Microsoft should be looking to use Copilot to intelligently inspect, analyze, and verify every single piece of code uploaded to the extremely popular site GitHub, which it acquired in 2018.

How are hackers abusing GitHub?

Microsoft is working on fixing its many cybersecurity woes. While hackers have been ‘living off the land’ in Windows for years, meaning they use the programs and executables already present on the operating system they gain initial access to, they are now finding similar success using trusted sites. Coined by the Insikt Group in its report, ‘living off trusted sites’ is the counterpart of the well-known cybersecurity term ‘living off the land.’ By routing their traffic through trusted sites, these threat groups can bypass most enterprise controls and blend in with regular traffic, significantly increasing their effectiveness and their ability to evade detection.

If you’re looking for an in-depth analysis of the GitHub issue and its prevalence, feel free to check out the Insikt Group’s full report, but we have you covered for the CliffsNotes version. Sophisticated hackers, also called APTs, use GitHub for several pieces of infrastructure an attack chain against a target needs.

GitHub’s services are abused both by cybercriminals and advanced persistent threats (APTs) for a wide range of malicious infrastructure schemes, including payload delivery, DDR, exfiltration, command-and-control (C2), and other purposes (such as phishing).

As the Insikt Group explains, threat actors are using GitHub to deliver payloads: once they have initial access to a target machine, they typically run a script that downloads a malicious payload to the host. This is the most common use case for GitHub, but some APTs are using it for C2, meaning they send and receive commands through GitHub repositories, and in some cases they exfiltrate data to GitHub as well.
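As an added illustration that is not part of the article or the Insikt report, the following Python sketch shows how a defender might surface the schemes just described (payload delivery, DDR/C2 polling where DDR is a dead drop resolver, and exfiltration) in outbound proxy logs. The log sample, the list of expected developer user agents and the upload-size threshold are all constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlparse

# Constructed sample proxy log: host|user-agent|method|url|bytes_out.
# Made-up records for illustration only, not data from the Insikt report.
SAMPLE_LOG = """\
dev-ws01|git/2.43.0|GET|https://github.com/example-org/app.git/info/refs|312
dev-ws01|Mozilla/5.0 Chrome/120|GET|https://github.com/example-org/app/pull/42|1024
hr-pc07|WindowsPowerShell/5.1|GET|https://raw.githubusercontent.com/u/r/main/stage2.bin|0
hr-pc07|WindowsPowerShell/5.1|GET|https://gist.githubusercontent.com/u/abc/raw/tasks.txt|0
hr-pc07|WindowsPowerShell/5.1|POST|https://api.github.com/gists|2400000
"""

GITHUB_HOSTS = ("github.com", "githubusercontent.com")
# Assumed: user agents a developer workstation legitimately presents to GitHub.
EXPECTED_AGENTS = ("git/", "Mozilla/", "GitHub Desktop", "Visual Studio Code")
EXFIL_BYTES = 1_000_000  # assumed outbound upload size worth a closer look


def is_github(netloc):
    return any(netloc == h or netloc.endswith("." + h) for h in GITHUB_HOSTS)


def classify(method, url, bytes_out):
    """Map a GitHub request to the abuse scheme it most resembles."""
    u = urlparse(url)
    if method in ("POST", "PUT", "PATCH") and u.netloc == "api.github.com" and bytes_out >= EXFIL_BYTES:
        return "exfiltration"  # large upload to the API from a script
    if u.netloc == "gist.githubusercontent.com" or u.path.endswith((".txt", ".json")):
        return "ddr/c2 polling"  # small text fetched by a script: dead-drop resolver pattern
    if u.netloc in ("raw.githubusercontent.com", "objects.githubusercontent.com") or "/releases/download/" in u.path:
        return "payload delivery"  # binary content pulled straight from raw/release storage
    return "unexpected github client"


def detect(log_text):
    """Return (host, scheme, url) for GitHub requests made by non-developer clients."""
    findings = []
    for line in log_text.splitlines():
        host, agent, method, url, bytes_out = line.split("|")
        if not is_github(urlparse(url).netloc):
            continue
        if agent.startswith(EXPECTED_AGENTS):
            continue  # ordinary developer traffic: git, browsers, IDEs
        findings.append((host, classify(method, url, int(bytes_out)), url))
    return findings


def hosts_by_findings(findings):
    """Count flagged events per host so a single noisy machine stands out."""
    return Counter(host for host, _, _ in findings)
```

The point is that a trusted-domain allowlist alone never fires here; the signal comes from which client on which host is talking to GitHub, and how.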

The Insikt Group explains why GitHub is such a threat and why it is so effective as a delivery mechanism for threat groups’ attacks. These are some of the advantages that GitHub gives to attackers.

In my opinion, this is a pretty big black eye for Microsoft. People are comparing GitHub to Pastebin because of how insecure the site seems. Microsoft, of course, has integrated Copilot into GitHub. Still, I believe there should be a more significant focus on cleaning up the site before trying to integrate end-user AI solutions.


How Microsoft can use AI to clean up GitHub

While LLMs and AI generally have not mastered everything perfectly yet, it seems universally agreed that they have a good handle on coding and programming. ChatGPT helped code a game and was pretty adept at following instructions. With that in mind, it should be possible to use Copilot as a sort of content filter. Much as YouTube checks for inappropriate content, GitHub should be able to run every piece of code uploaded to its platform in a virtual sandbox and analyze what the code is doing. If the code looks suspicious, it should be flagged for manual human review.

Recorded Future shows how GitHub has been used maliciously in a real-world scenario. It is fascinating to see how Zscaler tracked a North Korean threat group’s GitHub account as the group hosted malicious files on it and targeted several South Korean industries.

Overall, it’s time for Microsoft to use Copilot/AI for improvements to its subsidiaries instead of constantly pushing consumer-focused solutions. It would take a significant workforce to clean up GitHub, which is likely why Microsoft has been so slow to do so, but with the help of AI, the task should be more manageable.

Can Microsoft ever solve its security problems?

Microsoft is rolling out Security Copilot and has data showing that it is helping cybersecurity defenders perform better; however, as with so many things at Microsoft, this depends on the customer doing the work, and Microsoft is keeping a hands-off approach.

Microsoft is known for not investing a lot in things like customer service, and that mentality seems to have rolled over to cybersecurity. Sure, they have engineers to keep things up and running, and they work to push updates for Patch Tuesday, but so much of what they do seems to be reactionary. With the tidal wave of AI integration into everything technology, it is the perfect time for Microsoft to start backing up its words and securing itself before looking outward to other enterprises.

Something that doesn’t seem to be changing throughout this news is that there is and will continue to be a need for human analysts and engineers on the front lines to defend corporations from these malicious actors. If you are interested, check out our guide on how to get started in cybersecurity.

While Microsoft was responsible for leaking its plans for Xbox over the next several years, Sony’s Insomniac was recently breached by a sophisticated threat group, and the damage done from that leak is hard to quantify. If Microsoft can’t keep its own house in order, it will be more difficult, as a company that sells cybersecurity solutions, to protect the enterprise clients that use Defender and other Microsoft security products. If Microsoft can shore up its holes and weaknesses by hardening its OS, servers, and subsidiaries like GitHub, it will drastically decrease the number of successful breaches worldwide, which is a win-win for everybody involved.

What do you think about GitHub being used so successfully by hackers? Can Microsoft use AI to help moderate the code being uploaded to GitHub? Let us know what you think in the comments.

Colton is a seasoned cybersecurity professional who wants to share his love of technology with the Windows Central audience. When he isn’t assisting in defending companies from the newest zero-days or sharing his thoughts through his articles, he loves to spend time with his family and play video games on PC and Xbox. Colton focuses on buying guides, PCs, and devices and is always happy to have a conversation about emerging tech and gaming news.