Unpacking a Linux Supply Chain Compromise Using the Recently Published XZ Utils Backdoor as the Example

Webinar Registration

Supply Chain compromises are some of the most ambitious and devious achievements by cybercriminals today. Rather than taking the easy way out with spear phishing, these threat actors look for ways to take advantage of software already existing on tens or even hundreds of thousands of systems globally to provide a means of accessing the largest group of potential targets possible.

One such compromise is the RCE via SSH backdoor found within the data compression library of the command line tool XZ Utils. Published as critical vulnerability CVE-2024-3094, this supply chain compromise enables attackers to bypass SSH authentication and execute remote code on affected systems.

In this Real Training for Free session, Nick Cavalancia takes my seat as he first covers the reality of supply chain attacks, how prevalent they are, and why threat groups invest so much effort into finding and taking advantage of vulnerabilities in tools within the supply chain.

Up next, you’ll hear from Tomer Aviram, Sr. CyOps Analyst at Cynet, along with George Tubin, Director of Product Strategy at Cynet.

Tomar will first discuss how the threat actor believed to be behind this vulnerability used increasingly sophisticated tactics to implement this multi-stage attack, demonstrating the attacker’s advanced understanding of the targeted systems and libraries.

He’ll then demonstrate a step-by-step breakdown of the attack, including:

  • How the vulnerability targets x86-64 Linux systems, and which XZ Utils are affected
  • The obfuscation techniques used, such as the awk command to implement an RC4-like decryption algorithm
  • The decrypted binary payload containing the core of the backdoor functionality
  • Key vectors in the backdoor execution
  • How the backdoor hijacks the RSA_public_decrypt function to enable remote code execution on a compromised system

Next, George will demonstrate detection methods (developed by Cynet’s research team) to assess risks related to this vulnerability within an IT environment. He’ll also provide recommended mitigations based on attack actions.

This Real Training for Free session will be full of practical real-world application. Register now!

First Name:  
Last Name:  
Work Email:  
Phone:
Job Title:
Organization:
Country:  
State:
Employees:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.

 

 

Upcoming Webinars
    Additional Resources