

Across the internet, more than a thousand companies spent the past week digging out from a mass ransomware incident. In the wake of the devastating compromise of Kaseya's popular IT management tool, researchers and security professionals are warning that the debacle isn't a one-off event, but part of a troubling trend.

From a Chinese state-sponsored supply chain compromise to an unsophisticated attack on a Florida water treatment plant (and many less visible events in between), the security industry has seen a growing drumbeat of breaches that took advantage of so-called remote management tools. Hackers are increasingly scrutinizing the entire class of tools that administrators use to remotely manage IT systems, seeing in them potential skeleton keys that can give them the run of a victim's network.

And at the Black Hat security conference next month, a pair of British researchers plans to present techniques they've developed as penetration testers for security firm F-Secure, which allowed them to hijack yet another popular tool of the same kind (this one focused on Macs rather than Windows machines) known as Jamf. Like Kaseya, Jamf is used by enterprise administrators to set up and control hundreds or thousands of machines across IT networks. Luke Roberts and Calum Hall plan to show off tricks (which, for now, remain technical demonstrations rather than ones they've seen used by real malicious hackers) that would allow them to commandeer the remote management tool to spy on target machines, pull files off of them, spread their control from one machine to others, and ultimately install malware, as ransomware gangs do when they drop their crippling payloads.

Those techniques, the two researchers argue, represent a prime example of a larger problem: The same tools that let administrators easily manage large networks can also give hackers similar superpowers. "The piece of your infrastructure that manages the rest of your infrastructure is the crown jewels. If an attacker has that, it's game over," says Luke Roberts, who recently left F-Secure to join the security team of the financial services company G-Research.

"The reason that ransomware actors are going after things like Kaseya is because they offer complete access. They are like the gods of the environments. If they have something over one of these platforms, they get whatever they want to get."
