Check Point has just announced its latest tool, the GitHub Abuse Engine, which leverages artificial intelligence (AI) and algorithms to stop users from being abused on the platform.
The cybersecurity company Check Point has added another weapon to its arsenal, the GitHub Abuse Engine, a tool powered by AI to “detect and mitigate malicious abuse” on the platform.
The open-source project repository has become a useful space for credential stealing and “drive-by downloads,” Check Point said.
Check Point’s tool is integrated within its ThreatCloud AI, which has been described as “the central nervous system” of Check Point’s security system.
Typically, the most effective way to deal with abuse on GitHub is analysis of URLs via active browsing.
However, this method is expensive and isn’t proactive as it can only be done when attacks have been launched.
Furthermore, the cybersecurity company said that the industry faces many false positives as clones of popular sites that are used for testing are often “instantly and blindly blocked by vendors.”
The GitHub Abuse Engine uses AI and code analysis to help identify anomalous activity in behaviour patterns, which, Check Point adds, leads to very few false positives.
How does the GitHub Abuse Engine work?
The tool looks at GitHub accounts, anonymous accounts, and GitHub users with public repos.
Then the engine identifies information about the user, repositories, main files, and JavaScript files.
“It also uses AI to do a comprehensive code analysis and to identify credential theft and other malicious code techniques,” Check Point said in a blog post.
Check Point’s tool features a “multi-layered algorithm” that includes data collection, feature extraction, pattern recognition, threat classification, and cross-referencing with ThreatCloud AI.
One case study showed that a GitHub user was using a malicious web page to commit credential theft.
The page was created by an anonymous user who leveraged the “escape-based obfuscation technique” to disguise their credential theft activity.
Upon detection, Check Point’s tool investigated and found a suspicious pattern.
“It discovered that a form was secretly added to the webpage using JavaScript. This form sent data to an external site controlled by the attacker, not associated with cPanel. This clearly indicates malicious activity.”
Your email address will not be published. Required fields are markedmarked