Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems.īecause the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys”. The malware was not detected by our antivirus software. This machine was compromised on December 16, 2022. “To date, we have learned that an unauthorized third party leveraged malware deployed to a CircleCI engineer’s laptop in order to steal a valid, 2FA-backed SSO session. According to CirlceCI’s public statement: The theft of session cookies from a Mac computer was implicated in the recent CircleCI breach. In the event that a process or user copies and steals those cookies, they can use them on a different device to log in without authentication. This is achieved by storing a session cookie on the device. The Slack App allows infinite sessions until the user explicitly logs out For convenience and productivity, browsers and many enterprise apps that are designed to work across devices, such as Slack, TeamViewer, Zoom and similar, allow the user to remain logged in until they explicitly log out. One of the top targets for observed macOS malware are session cookies stored on user’s devices. In this post, we look at the data assets targeted by macOS malware in some of the most recent in-the -wild incidents in order to help defenders better protect the enterprise and hunt for signs of compromise. In recent posts, we have looked at how threat actors deliver payloads to macOS targets and how they attempt to evade detection. On macOS, threat actors will quietly exfiltrate session cookies, keychains, SSH keys and more as malicious processes from adware to spyware look to harvest data that can be recycled and sold on various underground forums and marketplaces, or used directly in espionage campaigns and supply chain attacks.
However, the idea of stealing valuable data and then monetizing it in nefarious ways is a tactic that is now common across platforms. With a few unsuccessful exceptions, the notion of locking a Mac device and holding its owner to ransom in return for access to the machine and its data has not yet proven an attractive proposition for attackers.
#Securecrt mac serial windows#
The scourge of ransomware attacks that has plagued Windows endpoints over the past half decade or so has, thankfully, not been replicated on Mac devices.
0 kommentar(er)
