Malicious Updates - CompTIA Security+ SY0-701 - 2.3
Summary
TLDR: This script emphasizes the importance of keeping operating systems and applications updated to prevent security vulnerabilities. It advises best practices for updates, such as having backups and ensuring trusted sources. However, it also highlights the risk of malicious code in updates, using the SolarWinds Orion incident as an example of how attackers can exploit trusted update processes to distribute malware, even with digital signatures, to major organizations.
Takeaways
- 🛡️ Always keep your operating systems and applications updated to avoid vulnerabilities from older code.
- 🔍 Be cautious of potential malicious software in applications and updates, as attackers could embed their code within them.
- 💾 Maintain a backup before making any system changes to revert back in case of update failure.
- 🔒 Ensure updates come from trusted sources to prevent the installation of malicious updates.
- 🔄 Updates are similar to installing new applications, so verify the legitimacy of update prompts, especially if they appear unexpectedly.
- 🌐 Check the source of downloaded update files and understand the implications of performing the update.
- 🔑 Prefer downloading updates directly from the application developer's site for higher trust in the update's legitimacy.
- ✅ Many operating systems require digital signatures for application installation, providing a level of trust in the update's authenticity.
- 🔄 Some applications have built-in update processes with security checks and digital signatures, enhancing trust in the update.
- 🚨 The SolarWinds Orion incident in 2020 demonstrates that even trusted update processes can be compromised, showing the importance of vigilance.
- 🔒 Despite digital signatures and internal processes, there's no 100% guarantee of an update's legitimacy, emphasizing the need for continuous security practices.
Q & A
Why is it important to keep operating systems and applications updated?
- Keeping operating systems and applications updated is crucial to avoid vulnerabilities and security problems associated with older code. Updates often include patches for known security issues, helping to protect against potential threats.
What concerns arise when installing applications or updates?
- There is a concern that applications or updates might contain malicious software. Attackers could potentially embed their malicious code within the update, which can compromise the system if installed.
What are some best practices associated with the update process?
- Best practices include having a backup before making any changes, ensuring the update sources are trusted, and verifying the legitimacy of update messages, especially if they appear unexpectedly during web browsing.
Why is it recommended to have a backup before updating a system?
- A backup ensures that if something goes wrong during the update process, you can revert to the previous configuration, minimizing downtime and potential data loss.
How can you determine if the source of an update is trusted?
- You can determine a trusted source by checking if the software update is coming from a commonly used source or one that is officially associated with the application in question.
What does the message from the Chrome browser about updating signify?
- The message indicates that the user is using an older version of the browser and prompts them to update for smooth and secure operation. It suggests that the download will begin automatically or provides a link to start the update.
How can you assess the legitimacy of an update message that appears during web browsing?
- Assess the legitimacy by considering the context in which the message appears. If it appears unexpectedly while browsing, it may not be legitimate and should be checked further before proceeding.
What precautions should be taken when downloading updates from third-party websites?
- Ensure that the source is trusted by verifying it is a site that commonly hosts such patches. Be aware of the potential risks and understand the implications of performing the update.
What role do digital signatures play in the update process?
- Digital signatures, provided by the application developer and validated by the operating system, serve as a verification method to ensure that the update is legitimate and has not been tampered with.
How does an application's built-in update process contribute to security?
- A built-in update process usually includes security checks and digital signatures, which help verify the authenticity of the update, reducing the risk of installing malicious software.
What was the SolarWinds Orion incident, and what lessons can be learned from it?
- The SolarWinds Orion incident in December 2020 involved attackers gaining access to the development system and embedding malicious code into legitimate updates, which were then distributed to users. The lesson is that even trusted processes can be compromised, emphasizing the need for continuous vigilance and security practices.
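The trusted-source and digital-signature checks described in the answers above, as an added PowerShell example that is not code from the video or this page; the publisher name, expected hash and download hosts are assumed inputs you obtain from the developer's own site, and the hash in the usage line is a placeholder:

```powershell
# Added example (not code from the video or page): pre-install checks on a downloaded installer,
# combining the lesson's signals: an OS-validated digital signature, a hash from the developer's
# own site, and where the file came from. The publisher, hash and hosts are assumed inputs.
function Test-UpdateInstaller {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $ExpectedPublisher,   # e.g. 'O=Google LLC' (assumed)
        [Parameter(Mandatory)] [string]   $ExpectedSha256,      # from the developer's download page
        [string[]]                        $TrustedHosts = @()   # vendor download hosts you accept
    )
    $problems = @()

    # 1. Signature: the OS checks the chain; we also check WHO signed, not just THAT it is signed.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is '$($sig.Status)'"
    } elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        $problems += "signed by unexpected publisher: $($sig.SignerCertificate.Subject)"
    }

    # 2. Hash: compare with the value the developer publishes, not one shown by a third-party mirror.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($hash -ne $ExpectedSha256.ToUpperInvariant()) {
        $problems += "SHA-256 mismatch: file hashes to $hash"
    }

    # 3. Provenance: browser downloads carry a Zone.Identifier stream (Mark of the Web) whose
    #    HostUrl records the download URL; reject origins outside the vendor's own domains.
    $zone    = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
    if ($TrustedHosts.Count -gt 0) {
        if (-not $hostUrl) {
            $problems += 'no download origin recorded; verify the source manually'
        } elseif (([uri]$hostUrl).Host -notin $TrustedHosts) {
            $problems += "downloaded from untrusted host: $(([uri]$hostUrl).Host)"
        }
    }

    # Passing rules out the common cases (tampered file, fake 'Update now' page, impostor signer).
    # It cannot rule out a build compromised at the developer, as with SolarWinds Orion, where
    # the malicious update carried the developer's own valid signature.
    [pscustomobject]@{ Path = $Path; Passed = ($problems.Count -eq 0); Problems = $problems }
}

# Usage with assumed values; the hash is a placeholder to fill in from the developer's site.
Test-UpdateInstaller -Path "$env:USERPROFILE\Downloads\ChromeSetup.exe" `
    -ExpectedPublisher 'O=Google LLC' -ExpectedSha256 '<SHA-256 from developer download page>' `
    -TrustedHosts @('dl.google.com')
```

A `Passed` of `$false` with a populated `Problems` list is the signal to stop and re-check the source before installing, which is the extra check the lesson recommends for unexpected update prompts.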
Outlines
🛡️ Importance of System Updates and Security Precautions
This paragraph emphasizes the necessity of keeping operating systems and applications updated to protect against vulnerabilities. It also addresses concerns about the potential for malicious software within applications and updates. Best practices for updates include having a backup before making system changes, ensuring updates come from trusted sources, and verifying digital signatures from the application developer. The paragraph provides an example of a legitimate update message from the Chrome browser and advises caution with update prompts from third-party websites. It also discusses the importance of downloading updates directly from the developer's site and the security checks built into some applications' update processes. However, it highlights the SolarWinds Orion incident in December 2020, where a digitally signed update contained malware, demonstrating that even trusted update processes can be compromised.
💥 The Consequences of Compromised Updates: The SolarWinds Attack
The second paragraph delves into the aftermath of the SolarWinds Orion attack, where attackers gained unauthorized access to the development system and embedded malicious code into legitimate updates. This resulted in the attackers gaining access to hundreds of large governmental agencies and companies, effectively giving them control over the systems running the Orion software. The attackers then leveraged this access to infiltrate other unsecured systems within the affected organizations. Although such attacks are rare, they underscore the potential for adversaries to exploit trusted processes to distribute malware on a massive scale.
Keywords
💡Operating Systems
💡Patching
💡Vulnerabilities
💡Malicious Software
💡Updates
💡Backup
💡Trusted Sources
💡Digital Signatures
💡Application Developer
💡SolarWinds
💡Legitimacy
Highlights
The importance of keeping operating systems and applications updated to avoid vulnerabilities.
Concerns about malicious software being embedded in applications and updates.
The necessity of having a backup before making any system changes.
Ensuring updates come from trusted sources to maintain security.
The role of backups in solving problems during the update process.
Example of a legitimate update message from the Chrome browser.
Questioning the legitimacy of update prompts from third-party websites.
The need to verify the source of downloaded update files.
The significance of digital signatures in validating the legitimacy of updates.
Built-in update processes in applications and their security checks.
The SolarWinds Orion incident where a legitimate update contained malicious software.
How attackers gained access to the SolarWinds development system to insert malicious code.
The impact of the SolarWinds attack on large governmental agencies and companies.
The rarity of supply chain attacks like the SolarWinds incident.
The potential for attackers to use trusted processes to distribute malicious code automatically.
The limitations of built-in update processes and digital signatures in ensuring update legitimacy.
The importance of vigilance even when updates appear to come from legitimate sources.
Transcripts
You often hear me and many other security professionals
tell you to always keep your operating systems up to date,
make sure all of your applications have been patched,
and any time a new set of updates comes through,
you should make sure that you patch your system
as soon as possible.
This will make sure that you're able to avoid
any type of vulnerabilities or security problems associated
with this older code.
But of course, when you're installing an application
to a device, there's always a concern
that the application itself might have malicious software
inside of it.
And the same thing applies to these updates.
We're effectively installing a new application
each time we install these updates,
and it may be possible for an attacker
to find some way to get their malicious code embedded
within the update itself.
And although we're telling you to update your system as
quickly as possible when you find one of these security
patches, there are a number of best practices
that are associated with this update process.
First, before you make any changes to any system,
you should have a backup.
This ensures that if something does go wrong during the update
process, you can revert back to the previous configuration,
and you'll be back up and running again.
You should also make sure that the sources that you're using
for this update are trusted.
This means the software that you're
using during this update is coming from a source
that you commonly would use or one that is commonly associated
with this update process.
And it's always worth mentioning again
that your backup can solve a lot of problems for you
if something does go wrong during the update process.
Here's an example of a message that you might commonly
see when an application needs to be updated.
This is for the Chrome browser, and it says, "You
are using an older version.
Update now to keep your Chrome browser running
smoothly and securely.
Your download will begin automatically.
If not, click here" where it says Update Chrome.
If this is a message that appears when you first
start your browser before you visited any other websites,
then there is a reasonable amount of trust
you can associate with this update message.
But what if this is a message that
appears once you visit one of the links that's
provided from a Google search?
There might be a question as to whether this particular update
is legitimate.
And you may want to perform
a few extra checks before clicking that Update Chrome
button.
We're very often installing these updates
from a file that has been downloaded
from a third-party website.
So we need to look at where we're
downloading this file from.
And we need to understand more about what might happen
if we perform this update.
We should make sure that the source
is one that is indeed trusted, that we're
going to a site that commonly hosts these types of patches.
If we're getting some random pop-up message
during our normal web-browsing session that tells us
that we need to click here to update,
this might not be a legitimate update message.
And if you want to have a relatively high amount of trust
regarding this particular patch, you
should download the update directly
from the application developer site.
And many operating systems will only
install applications if they've been digitally signed.
That means that we'll get a message during the update
process that tells us that this application is from Microsoft,
or Adobe, or Google, and we can see the digital signature
associated with that update.
Because the digital signature is put there by the application
developer and our operating system validates
that digital signature, we can have a high level of trust
that this particular update is legitimate.
Sometimes, an application will have its own update process
built into the app itself.
This usually does have security checks and digital signatures
built into this process.
And although you might not see the digital signature,
the update process of the application
is automatically performing that verification.
This process has a high amount of trust
because it's the application itself
that is performing the update.
You don't have to download any files yourself.
And the update is being verified as coming from the manufacturer
of the software.
However, this process is not a 100% guarantee
that the code that you're updating is indeed legitimate.
In December of 2020, the company SolarWinds
reported that their application Orion was performing updates
for users, but the update itself contained malicious software.
These updates followed the internal update process
for the Orion application.
The update itself was digitally signed by the company.
And to anyone who's ever performed an update,
this looked like a normal update from a legitimate application
developer.
Unfortunately, months earlier, attackers
had gained access to the development system
in SolarWinds itself and put their own code
into the SolarWinds software.
Their malicious code was rolled up
into the normal updates that were
provided by other application developers within the company.
And the entire package was digitally signed
and automatically distributed to their users.
This Orion software is high-end management software,
and some of the largest organizations in the world
were running this software.
This allowed attackers to gain access
to hundreds of large governmental agencies
and companies, and it allowed them to effectively
have full rein to the entire system that was
running this Orion software.
And from there, they were able to jump from the Orion system
to other unsecured systems within those organizations.
This type of attack is relatively rare,
but it does show that an attacker could use a trusted
process to be able to automatically distribute
their malicious code to hundreds or thousands of systems
automatically.