Beyond Kaseya: Everyday computer tools can offer ‘God’s way’ to hackers

When WIRED asked Jamf to comment, Aaron Kiemele, the company’s head of information security, said the Black Hat research does not show any security vulnerabilities in its software. “Management infrastructure,” Kiemele added in a note, “is always attractive to attackers. So every time you are using a system to manage different devices, if you are giving administrative control, it is essential to safely configure and manage that system.” Jamf referred users to this guide to “harden” Jamf environments through configuration and setting changes.

Although the former F-Secure researchers focused on Jamf, it is hardly alone among remote management tools as a potential attack surface for intruders, says Jake Williams, a former NSA hacker and chief security officer at the security company BreachQuest. Beyond Kaseya, tools like ManageEngine, inTune, NetSarang, DameWare, TeamViewer, GoToMyPC and others present similarly juicy targets. They are ubiquitous, typically have unrestricted privileges on the target computer, are often exempt from antivirus scans, are overlooked by security administrators, and are able to install programs on a large number of machines by design. “Why are they so pretty to exploit?” Williams asks. “You have access to everything they manage. You are in God’s way.”

In recent years, Williams says he has seen in his security practice that hackers have “repeatedly” exploited remote management tools such as Kaseya, TeamViewer, GoToMyPC and DameWare in targeted attacks against his customers. He makes clear that this is not because all of these tools had exploitable vulnerabilities themselves, but rather because hackers used their legitimate functionality after gaining some access to the victim’s network.

In fact, larger-scale exploitation of these tools began earlier. In 2017, a group of Chinese state hackers carried out a software supply chain attack on the remote management tool NetSarang, breaching the Korean company behind that software to hide backdoor code in it. The higher-profile SolarWinds hacking campaign, in which Russian spies hid malicious code in the Orion IT monitoring tool to penetrate nine US federal agencies, in some sense demonstrates the same threat. (Orion is technically a monitoring tool, not management software, but it has many similar features, including the ability to execute commands on target systems.) In another clumsy incident, a hacker used the TeamViewer remote access and management tool to access systems at a small treatment plant in Oldsmar, Florida, in an attempt to dump dangerous amounts of bleach into the city’s water supply.

As risky as remote management tools may be, giving them up is not an option for many administrators who depend on them to oversee their networks. The truth is that small businesses without a well-staffed IT team often need them to keep control of all their computers without the benefit of manual supervision. Despite the techniques they will present at Black Hat, Roberts and Hall argue that Jamf is probably a net positive for security in most networks where it is used, as it allows administrators to standardize the software and configuration of systems and keep them patched and updated. Instead, they hope to encourage security technology vendors, such as makers of endpoint detection systems, to monitor for how remote management tools are being exploited.

In many types of remote management tool exploitation, however, such automated detection is not possible, says Williams of BreachQuest. The expected behavior of the tools (accessing many network devices, changing configurations, installing programs) is very difficult to distinguish from malicious activity. Instead, Williams argues that in-house security teams should learn to monitor for exploitation of the tools and be willing to shut them down, as many did when news of a vulnerability in Kaseya began to spread last week. But he acknowledges that the solution is a tough one, as users of remote management tools often cannot afford such in-house teams. “It’s not right there, ready to react, to limit the radius of the explosion, I don’t think there’s a lot of good advice,” Williams says. “It’s a pretty rough scenario.”

But network administrators would do well to at least begin to understand how powerful their remote management tools can be in the wrong hands, a fact that those who would abuse them now seem to know better than ever.

