The researchers have tried out two different scenarios, and the level access required for both is high.
“After controlling the SSM Agent, the attackers can carry out malicious activities, such as data theft, encrypting the filesystem (as a ransomware), misusing endpoint resources for cryptocurrency mining and attempting to propagate to other endpoints withing the network – all under the guise of using a legitimate software, the SSM Agent,” Mitiga researchers Ariel Szarf and Or Aspir explained.
The presence of the SSM Agent, a software component that enterprise sysadmins use to manage the endpoints from the AWS account using the AWS System Manager service. Attackers gaining initial access to the machine (e.g., by exploiting an unpatched vulnerability on a public-facing instance/server), and. The success of this “ living off the land” technique hinges on: Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and VMs in other cloud environments).
0 kommentar(er)
