- Secret leak
- In the realm of software supply chains, attackers covet secrets. Gaining access to customer secrets enables attackers to advance to the next stage of their malicious activities.
ID: T0198
Type:
Technique
Tactic:
Impact
Summary:
Secret leak
State:
draft
Mitigations
id
type
summary
description
M1661
Mitigation
Revoke user permissions
Remove permissions granted on the SCM repository from users that do not need them.
Limit access to configuration files. Only grant access to users who need it to modify the configuration files.
M1860
Mitigation
Implement strong authentication mechanisms
Authentication is the process of verifying the identity of a user or entity accessing the SCM system.
Strong authentication typically involves using multiple factors to verify the user's identity, beyond just a username and password.
This may include factors such as something the user knows (e.g., password), something the user has (e.g., smart card or token), and something the user is (e.g., biometric data like fingerprint or facial recognition).
Multi-factor authentication (MFA) can significantly enhance the security of SCM systems by adding an additional layer of protection against unauthorized access.
M1861
Mitigation
Implement strong authorization mechanisms
Strong authorization ensures that users only have access to the resources and actions that are necessary for their job functions and responsibilities, and nothing more.
This can be achieved through proper access controls, such as role-based access control (RBAC) or attribute-based access control (ABAC), which define fine-grained permissions and privileges for users, groups, and repositories in the SCM system.
Regularly review user permissions and remove all unnecessary permissions for specific users.
Detections
id
type
summary
description
D1860
Detection
Configure audit logs for SCM
Audit logs can capture various types of events, such as user logins, file modifications, repository access, changes to access permissions, administrative actions, and system events.
These events can provide insights into who did what, when, and where in the SCM system, helping to detect and investigate potential security incidents, including source code leaks.