MITRE ATT&CK<\/a> framework as a base, we collected techniques and attack vectors associated with DevOps environments and created a matrix dedicated to DevOps attack methods.<\/p>\n\n\n\nIt is worth noting that the tactics in this matrix must be looked at from the DevOps perspective. For example, execution techniques in a Virtual Machine running Windows or Linux OS are different from the Execution in a DevOps pipeline. In the Linux case, execution means running code in the OS. When we talk about DevOps environments, it means running code in the pipeline or DevOps resources. In addition to using this threat matrix to categorize attacks and corresponding defense methods, defenders can work alongside red teams to continuously test assumptions and find new potential attack techniques.<\/p>\n\n\n\nFigure 1. DevOps threat matrix<\/figcaption><\/figure>\n\n\n\n1. Initial access<\/h3>\n\n\n\n The initial access tactic refers to techniques an attacker may use for gaining access to the DevOps resources \u2013 repositories, pipelines, and dependencies. The following techniques may be a precondition for the next steps:<\/p>\n\n\n\n
SCM authentication \u2013 <\/strong>Access by having an authentication method to the organization\u2019s source code management. It may be a personal access token (PAT), an SSH key, or any other allowed authentication credential. An example of a method an attacker can use to achieve this technique is using a phishing attack against an organization.<\/p>\n\n\n\nCI\/CD service authentication \u2013 <\/strong>Similar to SCM authentication, an attacker can leverage authentication to the CI\/CD service in order to attack the organization\u2019s DevOps.<\/p>\n\n\n\nOrganization\u2019s public repositories \u2013 <\/strong>Access to the organization\u2019s public repositories that are configured with CI\/CD capabilities. Depending on the organization\u2019s configuration, these repositories may have the ability to trigger a pipeline run after a pull request (PR) is created.<\/p>\n\n\n\nEndpoint compromise \u2013 <\/strong>Using an existing compromise, an attacker can leverage the compromised developer\u2019s workstation, thus gaining access to the organization\u2019s SCM, registry, or any other resource the developer has access to.<\/p>\n\n\n\nConfigured webhooks \u2013 <\/strong>When an organization has a webhook configured, an attacker could use it as an initial access method into the organization\u2019s network by using the SCM itself to trigger requests into that network. This could grant the attacker access to services that are not meant to be publicly exposed, or that are running old and vulnerable software versions inside the private network.<\/p>\n\n\n\n2. Execution<\/h3>\n\n\n\n The execution tactic refers to techniques that may be used by a malicious adversary to gain execution access on pipeline resources \u2013 the pipeline itself or the deployment resources. Some of the techniques in this section contain explanations about the different ways to perform them, or what we call sub-techniques:<\/p>\n\n\n\n
Poisoned pipeline execution (PPE) \u2013 <\/strong>Refers to a technique where an attacker can inject code to an organization\u2019s repository, resulting in code execution in the repository\u2019s CI\/CD system. There are different sub-techniques to achieve code execution:<\/p>\n\n\n\n\nDirect PPE (d-PPE) \u2013<\/strong> Cases where the attacker can directly modify the configuration file inside the repository. Since the pipeline is triggered by a new PR and run according to the configuration file \u2013 the attacker can inject malicious commands to the configuration file, and these commands are executed in the pipeline.<\/li>\n\n\n\nIndirect PPE (i-PPE) \u2013<\/strong> Cases where the attacker cannot directly change the configuration files, or that these changes are not taken into account when triggered. In these cases, the attacker can infect scripts used by the pipeline in order to run code, for example, make-files, test scripts, build scripts, etc.<\/li>\n\n\n\nPublic PPE \u2013<\/strong> Cases where the pipeline is triggered by an open-source project. In these cases, the attacker can use d-PPE or i-PPE on the public repository in order to infect the pipeline.<\/li>\n<\/ol>\n\n\n\nDependency tampering \u2013 <\/strong>Refers to a technique where an attacker can execute code in the DevOps environment or production environment by injecting malicious code into a repository\u2019s dependencies. Thus, when the dependency is downloaded, the malicious code is executed. Some sub-techniques that can be used to achieve code execution include:<\/p>\n\n\n\n\nPublic dependency confusion \u2013<\/strong> A technique where the adversary publishes public malicious packages with the same name as private packages. In this case, because package search in package-control mechanisms typically looks in public registries first, the malicious package is downloaded.<\/li>\n\n\n\nPublic package<\/strong> hijack<\/strong> (\u201crepo<\/strong>-jacking\u201d) \u2013<\/strong> Hijacking a public package by taking control of the maintainer account, for example, by exploiting the GitHub user rename feature.<\/li>\n\n\n\nTyposquatting \u2013<\/strong> Publishing malicious packages with similar names to known public packages. In this way, an attacker can confuse users to download the malicious package instead of the desired one.<\/li>\n<\/ol>\n\n\n\nDevOps resources compromise \u2013 <\/strong>Pipelines are, at the core, a set of compute resources executing the CI\/CD agents, alongside other software. An attacker can target these resources by exploiting a vulnerability in the OS, the agent\u2019s code, other software installed in the VMs, or other devices in the network to gain access to the pipeline.<\/p>\n\n\n\nControl of common registry \u2013<\/strong> An attacker can gain control of a registry used by the organization, resulting in malicious images or packages executed by the pipeline VMs or production VMs.<\/p>\n\n\n\n3. Persistence<\/h3>\n\n\n\n The persistency tactic consists of different techniques that an attacker may use for maintaining access to a victim environment:<\/p>\n\n\n\n
Changes in repository \u2013 <\/strong>Adversaries can use the automatic tokens from inside the pipeline to access and push code to the repository (assuming the automatic token has enough permissions to do so). They can achieve persistency this way using several sub-techniques:<\/p>\n\n\n\n\nChange\/add scripts in code \u2013 we can change some of the initialization scripts\/add new scripts, so they download a backdoor\/starter for the attacker, so each time the pipeline is executing these scripts, the attacker\u2019s code will be executed too.<\/li>\n\n\n\n Change the pipeline configuration \u2013 we can add new steps in the pipeline to download an attacker-controlled script to the pipeline before continuing with the build process.<\/li>\n\n\n\n Change the configuration for dependencies locations \u2013 to use attacker-controlled packages.<\/li>\n<\/ol>\n\n\n\nInject in Artifacts \u2013<\/strong> some CI environments have the functionality for creating artifacts to be shared between different pipeline executions. For example, in GitHub we can store artifacts and download them using a GitHub action from the pipeline configuration.<\/p>\n\n\n\nModify images in registry \u2013<\/strong> In cases where the pipelines have permissions to access the image registry (for example, for writing back images to the registry after build is done) the attacker could modify and plant malicious images in the registry, which would continue to be executed by the user\u2019s containers.<\/p>\n\n\n\nCreate service credentials \u2013<\/strong> A malicious adversary can leverage the access they already have on the environment and create new credentials for use in case the initial access method is lost. This could be done by creating an access token to the SCM, to the application itself, to the cloud resources, and more.<\/p>\n\n\n\n4. Privilege escalation<\/h3>\n\n\n\n The privilege escalation techniques are used by an attacker to elevate the privileges in the victim\u2019s environment, gaining higher privileges for already compromised resources:<\/p>\n\n\n\n
Secrets in private repositories \u2013 <\/strong>Leveraging an already gained initial access method, an attacker could scan private repositories for hidden secrets. The chances of finding hidden secrets in a private repo are higher than in a public repository, as, from the developer\u2019s point of view, this is inaccessible from outside the organization.<\/p>\n\n\n\nCommit\/push to protected branches \u2013 <\/strong>The pipeline has access to the repository that may be configured with permissive access, which could allow to push code directly to protected branches, allowing an adversary to inject code directly into the important branches without team intervention.<\/p>\n\n\n\nCertificates and identities from metadata services \u2013 <\/strong>Once an attacker is running on cloud-hosted pipelines, the attacker could access the metadata services from inside the pipeline and extract certificates (requires high privileges) and identities from these services.<\/p>\n\n\n\n5. Credential access<\/h3>\n\n\n\n Credential access techniques are used by an attacker to steal credentials:<\/u><\/strong><\/p>\n\n\n\n User<\/strong> credentials<\/strong> \u2013<\/strong> In cases where the customer requires access to external services from the CI pipeline (for example, an external database), these credentials reside inside the pipeline (can be set by CI secrets, environment variables, etc.) and could be accessible to the adversary.<\/p>\n\n\n\nService<\/strong> credentials \u2013<\/strong> There are cases where the attacker can find service credentials, such as service-principal-names (SPN), shared-access-signature (SAS) tokens, and more, which could allow access to other services directly from the pipeline.<\/p>\n\n\n\n6. Lateral movement<\/h3>\n\n\n\n The lateral movement tactic refers to techniques used by attackers to move through different resources. In CI\/CD environments, this may refer to moving to deployment resources, to build artifacts and registries, or to new targets.<\/p>\n\n\n\n
Compromise build artifacts \u2013<\/strong> As in other supply chain attacks, once the attacker has control of the CI pipelines, they can interfere with the build artifacts. This way, malicious code could be injected into the building materials before building is done, hence injecting the malicious functionality into the build artifacts.<\/p>\n\n\n\nRegistry injection \u2013 <\/strong>If the pipeline is configured with a registry for the build artifacts, the attacker could infect the registry with malicious images, which later would be downloaded and executed by containers using this registry.<\/p>\n\n\n\nSpread to deployment resources \u2013 <\/strong>If the pipeline is configured with access to deployment resources, then the attacker has the same access to these resources, allowing the attacker to spread. This could result in code execution, data exfiltration and more, depending on the permissions granted to the pipelines.<\/p>\n\n\n\n7. Defense evasion<\/h3>\n\n\n\n Defense evasion techniques could be used by attackers to bypass defenses used in a DevOps environment and allow attacks to continue under the radar:<\/p>\n\n\n\n
Service logs manipulation \u2013 <\/strong>Service logs enable defenders to detect attacks in their environment. An attacker running inside an environment (for example, in the build pipelines) could change the logs to prevent defenders from observing the attack. This is similar to an attacker changing the history logs on a Linux machine, preventing any observer from seeing the commands executed by the attacker.<\/p>\n\n\n\nCompilation manipulation \u2013 <\/strong>if an attacker wishes to leave no traces in the SCM service, the attacker may change the compilation process in order to inject the malicious code. This may be done in several ways:<\/p>\n\n\n\n\nChanging the code on the fly \u2013 Changing the code right before the build process begins, without changing it in the repository and leaving traces in it.<\/li>\n\n\n\n Tampered compiler \u2013 Changing the compiler in the build environment to introduce the malicious code without leaving any traces before that process begins.<\/li>\n<\/ol>\n\n\n\nReconfigure branch protections \u2013 <\/strong>Branch protection tools allow an organization to configure steps before a PR\/commit is approved into a branch. Once an attacker has admin permissions, they may change these configurations and introduce code into the branch without any user intervention.<\/p>\n\n\n\n8. Impact<\/h3>\n\n\n\n The impact tactic refers to the techniques an attacker could use for exploiting access to the CI\/CD resources for malicious purposes, and not as another step in the attack, as these techniques could be noisy and easy to detect:<\/p>\n\n\n\n
DDoS \u2013 <\/strong>An adversary could use the compute resources they gained access to in order to execute distributed denial of services (DDoS) attacks on external targets.<\/p>\n\n\n\nCryptocurrency mining \u2013 <\/strong>The compute resources could be used for crypto mining controlled by an adversary.<\/p>\n\n\n\nLocal DoS \u2013 <\/strong>Once the attacker is running on the CI pipelines, the attacker can perform a denial service attack from said pipelines to customers by shutting down agents, rebooting, or by overloading the VMs.<\/p>\n\n\n\nResource deletion \u2013 <\/strong>An attacker with access to resources (cloud resources, repositories, etc.) could permanently delete the resources to achieve denial of services.<\/u><\/strong><\/p>\n\n\n\n9. Exfiltration<\/h3>\n\n\n\n The exfiltration tactic refers to different techniques that could be used by an attacker to exfiltrate sensitive data from victim environment:<\/p>\n\n\n\n
Clone private repositories \u2013 <\/strong>Once attackers have access to CI pipelines, they also gain access to the private repositories (for example, the GITHUB_TOKEN can be used in GitHub), and therefore could clone and access the code, thus gaining access to private IP.<\/p>\n\n\n\nPipeline logs \u2013 <\/strong>An adversary could access the pipeline execution logs, view the access history, the build steps, etc. These logs may contain sensitive information about the build, the deployment, and in some cases even credentials to services, to user accounts and more.<\/p>\n\n\n\nExfiltrate data from production resources \u2013 <\/strong>In cases where the pipelines can access the production resources, the attackers will have access to these resources as well. Therefore, they can abuse this access for exfiltrating production data.<\/p>\n\n\n\n