Everyday IT Tools Can Offer ‘God Mode’ for Hackers
Across the internet, more than a thousand companies spent the past week digging out from a mass ransomware incident. In the wake of the devastating compromise of Kaseya's popular IT management tool, researchers and security professionals are warning that the debacle isn't a one-off event, but part of a troubling trend. Hackers are increasingly scrutinizing the entire class of tools that administrators use to remotely manage IT systems, seeing in them potential skeleton keys that can give them the run of a victim's network.
From a Chinese state-sponsored supply chain compromise to an unsophisticated attack on a Florida water treatment plant—and many less visible events in between—the security industry has seen a growing drumbeat of breaches that took advantage of so-called remote management tools. And at the Black Hat security conference next month, a pair of British researchers plans to present techniques they've developed as penetration testers for security firm F-Secure, which allowed them to hijack yet another popular tool of the same kind—this one focused on Macs rather than Windows machines—known as Jamf.
Like Kaseya, Jamf is used by enterprise administrators to set up and control hundreds or thousands of machines across IT networks. Luke Roberts and Calum Hall plan to show off tricks—which, for now, remain technical demonstrations rather than ones they've seen used by real malicious hackers—that would allow them to commandeer the remote management tool to spy on target machines, pull files off of them, spread their control from one machine to others, and ultimately install malware, as ransomware gangs do when they drop their crippling payloads.