fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI: Hackers Stole Government Source Code Via SonarQube Instances

FBI: Hackers Stole Government Source Code Via SonarQube Instances

The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances.

SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages.

Vulnerable SonarQube servers have been actively exploited by attackers since April 2020 to gain access to data source code repositories owned by both government and corporate entities, later exfiltrating it and leaking it publicly.

Dozens of companies already had their source code leaked

The FBI says that it has identified several such incidents where the attackers have abused SonarQube configuration vulnerabilities since the attacks have started.

“Beginning in April 2020, the FBI observed source code leaks associated with insecure SonarQube instances from US government agencies and private US companies in the technology, finance, retail, food, eCommerce, and manufacturing sectors,” the FBI says in the TLP:WHITE flash alert.

Even though the FBI doesn’t point to public reporting of such attacks, BleepingComputer reported in July of dozens of companies having their source code stolen and leaked online.

Developer and reverse engineer Tillie Kottmann collected and published the leaked code of over 50 companies including Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, and more in a public GitLab repository.

Kottmann said at the moment that there are thousands of companies that expose proprietary source code by failing to properly secure their SonarQube installations.

Kottmann also leaked roughly 20 GB of Intel confidential documents during August, after receiving them from an anonymous source who allegedly breached the company’s servers earlier.

The company later told BleepingComputer that the “information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access.”

Previous attacks and mitigation measures

The threat actors start their attacks by first scanning for Internet-exposed SonarQube instances using the default port number (i.e., 9000) the FBI explains.

After discovering an exposed server, they attempt to gain access to vulnerable instances using default admin/admin credentials.

While not naming any names, the FBI highlights two such events in the flash alert, one conducted by an identified actor and one where the attackers are still unknown:

• In July 2020, an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.

• In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.

The FBI provides the following mitigation measures to block attacks:

• Change the SonarQube default settings, including changing default administrator username, password, and port (9000).
• Place SonarQube instances behind a login screen, and check if unauthorized users have accessed the instance.
• Revoke access to any application programming interface keys or other credentials that were exposed in a SonarQube instance, if feasible.
• Configure SonarQube instances to sit behind your organization’s firewall and other perimeter defenses to prevent unauthenticated access.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us