Unpacking a Linux Supply Chain Compromise Using the Recently Published XZ Utils Backdoor as the Example

Webinar Registration

Supply chain compromises are among the most ambitious and devious achievements of cybercriminals today. Rather than taking the easier route of spear phishing, these threat actors look for ways to take advantage of software already installed on tens or even hundreds of thousands of systems globally, giving them a path to the largest possible pool of potential targets.

One such compromise is the remote code execution (RCE) via SSH backdoor found within the data compression library of the command-line tool XZ Utils. Published as critical vulnerability CVE-2024-3094, this supply chain compromise enables attackers to bypass SSH authentication and execute remote code on affected systems.

In this Real Training for Free session, Nick Cavalancia takes my seat as he first covers the reality of supply chain attacks, how prevalent they are, and why threat groups invest so much effort into finding and taking advantage of vulnerabilities in tools within the supply chain.

Up next, you’ll hear from Tomer Aviram, Sr. CyOps Analyst at Cynet, along with George Tubin, Director of Product Strategy at Cynet.

Tomer will first discuss how the threat actor believed to be behind this vulnerability used increasingly sophisticated tactics to implement this multi-stage attack, demonstrating the attacker’s advanced understanding of the targeted systems and libraries.

He’ll then demonstrate a step-by-step breakdown of the attack, including:

  • How the vulnerability targets x86-64 Linux systems, and which XZ Utils versions are affected
  • The obfuscation techniques used, such as an awk command implementing an RC4-like decryption algorithm
  • The decrypted binary payload containing the core of the backdoor functionality
  • Key vectors in the backdoor execution
  • How the backdoor hijacks the RSA_public_decrypt function to enable remote code execution on a compromised system

Next, George will demonstrate detection methods (developed by Cynet’s research team) for assessing exposure to this vulnerability within an IT environment. He’ll also recommend mitigations keyed to the actions the attack performs.
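A first-pass inventory check of the kind a defender would run before the deeper detection methods above, written as an added example for this page rather than Cynet's own tooling. It parses the output of `xz --version` (which reports the tool version and, on a second line, the liblzma library version), compares both against a set of affected versions, and returns a one-line verdict. The page names CVE-2024-3094 but lists no version numbers, so the affected-version set is a labelled placeholder to be filled from the advisory, and the sample output below uses a made-up version.

```python
import re
import shutil
import subprocess
from typing import Dict, Iterable, Optional

# Placeholder: populate from the CVE-2024-3094 advisory or your distribution's
# security notice. The page names the CVE but does not list version numbers,
# so this default is an assumption to be replaced before use, not a fact.
AFFECTED_VERSIONS = frozenset({"X.Y.Z"})

# `xz --version` prints the tool version and, on a second line, the liblzma
# version. The backdoor lives in the library, so both lines are recorded.
_VERSION_LINE = re.compile(
    r"^(?P<component>xz \(XZ Utils\)|liblzma)\s+(?P<version>\d+\.\d+\.\d+\S*)",
    re.MULTILINE,
)


def parse_xz_version_output(text: str) -> Dict[str, str]:
    """Map component name ('xz' or 'liblzma') to its version string."""
    found: Dict[str, str] = {}
    for m in _VERSION_LINE.finditer(text):
        name = "xz" if m.group("component").startswith("xz") else "liblzma"
        found[name] = m.group("version")
    return found


def affected_components(
    versions: Dict[str, str], affected: Iterable[str] = AFFECTED_VERSIONS
) -> Dict[str, str]:
    """Return the subset of components whose version is in the affected set."""
    bad = set(affected)
    return {name: ver for name, ver in versions.items() if ver in bad}


def read_installed_xz_versions() -> Optional[Dict[str, str]]:
    """Run `xz --version` on this host; None if xz is not on PATH."""
    if shutil.which("xz") is None:
        return None
    out = subprocess.run(
        ["xz", "--version"], capture_output=True, text=True, check=False
    )
    return parse_xz_version_output(out.stdout)


def assess_host(affected: Iterable[str] = AFFECTED_VERSIONS) -> str:
    """One-line verdict suitable for an inventory script's log."""
    versions = read_installed_xz_versions()
    if versions is None:
        return "xz not found on PATH; check liblzma via the package manager"
    hits = affected_components(versions, affected)
    if hits:
        return "AFFECTED: " + ", ".join(f"{k} {v}" for k, v in sorted(hits.items()))
    return "no version match: " + ", ".join(
        f"{k} {v}" for k, v in sorted(versions.items())
    )


# Constructed sample of `xz --version` output with a made-up version number,
# used to exercise the parser offline.
SAMPLE_OUTPUT = "xz (XZ Utils) 9.9.1\nliblzma 9.9.1\n"

if __name__ == "__main__":
    print(assess_host())
```

The liblzma line matters more than the xz line, because the page locates the backdoor in the compression library rather than the command-line tool. A version match is only a triage signal: the package manager's recorded version of the liblzma package is the more reliable inventory source, and a distribution that backports a fix without changing the version string will not show up here, which is why the behavioural detection methods in the session are still needed.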

This Real Training for Free session will be full of practical, real-world application. Register now!
