Defending Against CI/CD Subversion: Attackers Target Software Delivery Infrastructure
Adversaries are increasingly targeting CI/CD pipeline infrastructure, moving beyond traditional supply chain attacks to subvert the software delivery lifecycle itself.
The software supply chain remains a prime target for adversaries, and attackers increasingly focus on subverting the infrastructure that supports the software delivery lifecycle, such as CI/CD pipelines. This trend moves beyond traditional attacks like poisoning dependencies or hijacking packages. Build servers, CI/CD runners, and package managers are now seen as attractive attack surfaces because they are designed to execute code automatically, often with elevated privileges.
Once an attacker gains access to this trusted infrastructure, they can manipulate the build and deployment processes to inject malicious code, exfiltrate sensitive data, or disrupt operations. The CI/CD pipeline, intended to streamline software delivery, becomes a vector for compromise, allowing attackers to move artifacts through the environment without scrutiny. This "living off the pipeline" approach leverages the trust inherent in these systems.
Defending against such attacks requires a multi-layered security strategy. This includes securing CI/CD environments, implementing strict access controls, performing regular security audits, and employing code scanning and integrity checks throughout the delivery process. Organizations must also foster a security-aware culture among development and operations teams to recognize and prevent potential subversions of their software delivery pipelines.
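One form the integrity checks mentioned above can take, as an added example that is not from the original article: the build stage seals its output in a digest manifest authenticated with an HMAC, and the deploy gate refuses anything that no longer matches. The function names, file names and key are constructed for illustration, and the example assumes the key is available only to the sealing step and the deploy gate.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_digests(root: Path) -> dict:
    """SHA-256 of every file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def _mac(digests: dict, key: bytes) -> str:
    # Canonical JSON so build stage and deploy gate MAC identical bytes.
    canonical = json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def seal(root: Path, key: bytes) -> dict:
    """Build stage: record what was produced and authenticate the record."""
    digests = file_digests(root)
    return {"artifacts": digests, "mac": _mac(digests, key)}

def verify(root: Path, manifest: dict, key: bytes) -> list:
    """Deploy gate: return findings; an empty list means artifacts match."""
    expected = manifest.get("artifacts", {})
    if not hmac.compare_digest(manifest.get("mac", ""), _mac(expected, key)):
        return ["manifest: MAC mismatch, manifest not trusted"]
    actual = file_digests(root)
    findings = []
    for name in sorted(set(expected) | set(actual)):
        if name not in actual:
            findings.append(f"{name}: missing")
        elif name not in expected:
            findings.append(f"{name}: not in manifest")
        elif actual[name] != expected[name]:
            findings.append(f"{name}: digest changed")
    return findings

def demo() -> dict:
    """Constructed scenario: files change between build and deploy."""
    key = b"constructed-demo-key"  # assumption: shared only by seal step and deploy gate
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.tar").write_bytes(b"release build")
        (root / "sbom.json").write_bytes(b"{}")
        manifest = seal(root, key)
        clean = verify(root, manifest, key)
        (root / "app.tar").write_bytes(b"release build, altered after sealing")
        (root / "extra.sh").write_bytes(b"#!/bin/sh\n")
        tampered = verify(root, manifest, key)
        # A manifest rewritten to match the altered files, without the key.
        forged = dict(manifest, artifacts=file_digests(root))
        return {"clean": clean, "tampered": tampered, "forged": verify(root, forged, key)}
```

Calling demo() returns the gate's findings for the untouched output, the altered output, and a manifest rewritten without the key.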