T0164 - Inject malicious dependency to privileged user repository

M1500

Mitigation

Mitigation Verify third-party artifacts and open-source libraries Verify third-party artifacts used in code are trusted and have not been infected by a malicious actor before use.

This can be accomplished, for example, by comparing the checksum of the dependency to its checksum in a trusted source. If a difference arises, this may be a sign that someone interfered and added malicious code. If this dependency is used, it will infect the environment and could end in a massive breach, leaving the organization exposed to data leaks and more.

M1502

Mitigation

Mitigation Define trusted package managers and repositories When pulling a package by name, the package manager might look for it in several package registries, some of which may be untrusted or badly configured.

If the package is pulled from such a registry, there is a higher likelihood that it could prove malicious. In order to avoid this, configure packages to be pulled from trusted package registries.

M1503

Mitigation

Mitigation Implement SCA analysis Component Analysis is the process of identifying potential areas of risk from the use of third-party and open-source software and hardware components.

The best option for implementing SCA analysis is integration of SCA analysis tools into your CI/CD environment in order to scan your source code dependencies before the release.

M1591

Mitigation

Mitigation Validate dependencies Validate every dependency of the pipeline before use.

To ensure that a dependency used in a pipeline is trusted and has not been infected by a malicious actor (e.g., the Codecov incident), validate dependencies before using them. This can be accomplished by comparing the checksum of the dependency to its checksum in a trusted source. If a difference arises, this is a sign that an unknown actor has interfered and may have added malevolent code. If this dependency is used, it will infect the environment, which could end in a massive breach and leave the organization exposed to data leaks, etc.

M1732

Mitigation

Mitigation Implement code scanning for security risks Scanning pull requests to detect risks allows for early detection of vulnerable code and/or dependencies and helps mitigate potentially malicious code.

For every repository in use, enforce risk scanning on every pull request.

D1260

Detection

Detection Implement regular security audit and review Conduct regular security audits and vulnerability assessments of your systems and storages configurations to identify and address any potential misconfigurations or vulnerabilities that could lead to exposed storage.

This includes reviewing access controls, encryption settings, and other security configurations to ensure they are aligned with best practices and organizational security policies.

D1261

Detection

Detection Implement penetration testing Penetration testing, also known as ethical hacking or vulnerability assessment, is a proactive approach to mitigating cybersecurity risks.

It involves simulating real-world cyber attacks on a system, network, or application in a controlled and authorized manner to identify vulnerabilities and weaknesses that could be exploited by malicious actors.

D1262

Detection

Detection Implement vulnerability assesment Vulnerability assessment is a proactive approach to mitigating cybersecurity risks by systematically identifying, evaluating, and prioritizing vulnerabilities in a system, network, or application.

It involves conducting regular assessments to identify potential weaknesses that could be exploited by attackers, and taking appropriate actions to remediate or mitigate those vulnerabilities.

D1500

Detection

Detection Configure monitoring of used artifacts and open-source libraries Implement regular scanning of used artifacts and open-source libraries for known vulnerabilities.

Set up monitoring of reported issues based on regular scanning results.

D1510

Detection

Detection Implement Intrusion Detection System and anti-malware An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network.

Implementing intrusion detection systems (IDS) and anti-malware software can help to identify and block malicious activity. IDS is a critical security tool that helps organizations to detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, IDS can help organizations to stay ahead of potential threats and reduce the risk of a security breach.