The FBI has published a security alert in its website warning companies about attacks against SonarQube, a web app used for checking bugs in source code. These were identified and rectified before deploying them into the user environment. And since this is crucial, users of SonarQube connect them to their code repositories, but with weak security protocols. This lets attackers access and steals their proprietary code data.
Attacks on Weak SonarQube Instances
SonarQube is a platform to check source code integrity. It’s used by several companies to let vulnerabilities in their source codes, before making any useful services based on them and deploying in the user environment. This needs the users (companies) to install SonarQube web apps on their servers and connect to their code repositories like GitHub, GitLab, BitBucket etc.
While this seemed fines, FBI’s public notice warns that system admins are leaving their SonarQube instances with misconfigured settings, thus letting attackers to target and exploit them. There isn’t any actual vulnerability in the SonarQube system, but running them on their default configuration of port 9000 with default admin credentials (admin/admin) makes them vulnerable.
The source code of @novasolutionsys has been published on a public repo.
Among the contents there are the mobile application source codes of Mexican banks like:
– @Citibanamex
– @BancoSabadellMX
– @BanCoppelThe data was allegedly taken from a misconfigured SonarQube instance. pic.twitter.com/yn48OrtWFI
— Bank Security (@Bank_Security) August 18, 2020
The attacks on such misconfigured SonarQube instances are happening since April this year, which led the FBI to send private alerts to target companies and government agencies warning them. And now, this alert was published to everyone on their website.
They have mentioned that hackers are accessing such misconfigured SonarQube instances and rerouting to connected repositories to steal the source code. FBI in its alter have explained two cases too, as below;
“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.”
“This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.”
Other Trending News:- News
