Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.
Learning Objectives:
1: Learn about a new emerging attack vector (software supply chain and updaters).
2: Investigate findings from recent incidents involving software updates.
3: Rethink update distribution and mitigate the problem.
Speaker: Elia Florio
Elia Florio is a Research Lead at Microsoft where he works on protecting customers and contributing to secure millions of computers every day. Florio is member of the Windows Defender Advanced Threat Protection (WDATP) research team, and he leads a group of talented engineers responsible for research into advanced attacks and exploitation techniques with the mission of creating innovative detections or mitigations that can raise the bar for the attackers. Previously, Florio was part of Microsoft Security Response Center (MSRC) where he worked on detection and defense projects like EMET, analyzing vulnerabilities trends and zero-day exploits.
Detailed Presentation:
Comments