We have seen an increase in supply chain attacks in the past few years. Some of these attacks have something in common: they involve a compromised Linux server to distribute malware or act as a C&C server. This presentation will use real world case studies: the Transmission BitTorrent client distributing OSX/Keydnap; the M.E. Doc compromise responsible for the famous Petya outbreak; the VestaCP administration panel used to distribute Linux/ChachaDDoS; and the Winnti Group, famous for attacking the gaming industry and high profile targets such as Asus and CCleaner to create botnets of millions of victims. In some of these cases, the ESET team was in the field and was able to witness how attackers compromise the infrastructure of the suppliers to inject malware into the build system and infect all of their users when those users install or update the software.
The speaker will demonstrate that these attacks are mostly performed manually, with a mix of off-the-shelf and custom tools, on both Linux and Windows. Alexis Dorais-Joncas will present the different mitigation and remediation techniques that prevent Linux servers from becoming the next low-hanging fruit. Finally, he will discuss the trust problem that arises when vendors push automatic updates, and how it is hard, if not impossible, to inspect all the code contained in those updates.
About the speaker:
Alexis Dorais-Joncas started his career in cybersecurity in 2010 when he was hired by ESET as a malware researcher. In 2015, Alexis was appointed Head of ESET's R&D branch office located in Montreal, where he and his team focus on cutting-edge malware research, network security and targeted attack tracking. Their goal: shed light on the latest trends and developments in the malware ecosystem and implement efficient and innovative countermeasures that allow ESET customers to be safe online.