HOW TO RECOVER FROM THE LATEST GITHUB SUPPLY CHAIN ATTACK THAT LEAKED DATA FROM MORE THAN 20,000 ORGANISATIONS – NETWRIX CYBERSECURITY EXPERT COMMENTS

Mar 19, 2025 - 12:35

More than 20,000 organisations have been affected in the latest large-scale supply chain attack, which targeted the widely used GitHub Action tj-actions/changed-files. The attackers modified the GitHub Action code that is used to retrieve all files and directories within repositories, meaning that any project using this action would be leaking data immediately.

Michael Paye, VP of Research & Development at Netwrix, shares the following insights on the incident, highlighting the steps organisations need to take immediately to protect their sensitive information:

“Unfortunately, supply chain attacks of this nature are becoming more common and challenging to avoid. The current story once again underscores the benefits of following the principle of least privilege and separating responsibilities between key services. For any affected organisations it's essential that they follow four essential steps to mitigate the impact of this attack.

“First, they need to immediately revoke access to any compromised secrets to prevent further misuse. Then, the security team should review logs for unauthorised access and keep monitoring their IT environment for unusual activity to detect any lingering threats or suspicious behaviour that might indicate further compromise. The next step will be to rotate secrets.

“Even after revocation, changing credentials ensures that any previously exposed secrets are no longer valid. Finally, all the affected parties should be notified about the incident and its impact to encourage security measures updates and ensure regulatory compliance.”