Presented at the VB2023 conference in London, 4 - 6 October 2023.
↓ Slides: N/A
↓ Paper: www.virusbulle...
→ Details: www.virusbulle...
✪ PRESENTED BY ✪
• Patrick Wardle (Objective-See)
✪ ABSTRACT ✪
Supply chain attacks are some of the most damaging cybersecurity incidents, capable of infecting a massive number of unsuspecting users and companies through widely used and trusted software components. Although the majority of supply chain attacks target Windows-based computers, the recent attack against the popular PBX software provider 3CX was also capable of infecting macOS systems.
In this talk, we will detail the macOS components leveraged in this attack, starting with the initial trojanization component: a single dynamic library surreptitiously modified with malicious logic. After comprehensively analysing this first-stage component, we will dive into the second-stage payload, detailing its core capabilities.
We will wrap up the talk by focusing on heuristic detection methods that were able to thwart many aspects of this specific attack, even with no a priori knowledge of it. Better yet, we'll show how such detection approaches can be leveraged generically to detect and mitigate other sophisticated supply chain attacks as well.
Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads - Patrick Wardle