Anatomy of an Attack: Atomic Stealer malware

Learn about the cyber kill chain and how to use it to understand the threats and threat actors targeting your enterprise. Jamf Threat Labs also takes you on a deep dive into the anatomy of an attack, dissecting each phase of an attack by the Atomic Stealer malware.

November 14 2024 by Jesus Vigo

“Hackers only need to get it right once; we need to get it right every time.” — Chris Triolo, HP

The quote above captures the actions and mindset security professionals must adopt to maintain a strong organizational security posture, allowing for better protection of their devices, users and data, covering both company-owned data and user privacy.

This must occur every. single. time.

If it doesn’t, the risk to stakeholders may be too great, so organizations must do everything in their power to protect against increasingly sophisticated threats across a dynamic threat landscape.

Know your enemy

More than just a song lyric, knowing your enemy in this context underscores the importance of learning as much as you can about bad actors, including:

  • Which tactics they employ
  • How those tactics are used
  • What their aim is

In our technical paper, Anatomy of an Attack, we dive into the cyber kill chain, explaining what it is and providing an in-depth analysis of the seven links in the chain to shed light on how to read an attacker’s roadmap so that IT and Security teams can understand what they’re up against. Armed with this knowledge, they can fortify their infrastructure to minimize risk against exploits and compromise.

A picture is worth a thousand words

Learning about the cyber kill chain is important. But we didn’t just stop there. Alongside Jamf Threat Labs, we take IT and Security pros on a deeper journey of understanding by performing a post-mortem of the Atomic Stealer (AMOS) threat, modeling exactly how threat actors using AMOS can follow the cyber kill chain to target and compromise an Apple device running a vulnerable version of macOS.

Why spoil the surprise by simply talking about it here when you can experience the infographic yourself? It highlights each phase of the cyber kill chain and details exactly what is going on during each link, providing granularity and transparency into AMOS from a threat hunter’s perspective.

Manage and secure

As long as threat actors target devices, users and data, security controls will be necessary to minimize risk and prevent threats. Furthermore, threats are growing in sophistication. Pair the dynamic nature of the modern threat landscape with distributed workforces and the increased adoption of corporate- and personally-owned mobile devices, and IT/Security teams have many hoops to jump through to establish and maintain compliance.

On top of this, threat actors are increasingly targeting the Apple ecosystem of desktop and mobile devices, in no small part because of their growing adoption by enterprises and by users who prefer to work smarter, not harder, from macOS, iOS and iPadOS devices, alongside any existing Windows and Android devices employees might also use for business.

The answer is a defense-in-depth strategy that integrates comprehensive security controls that layer and extend protections across your infrastructure. Some of the evergreen solutions to aid administrators in developing a defense-in-depth cybersecurity plan are:

  • Perform a risk analysis on your updated inventory to know what is vulnerable
  • Integrate management, identity and security solutions to work as one solution
  • Break down silos between IT and Security departments to increase efficiency and efficacy
  • Automate remediation workflows to minimize human error and streamline incident response
  • Establish partnerships with trusted security pros to hunt for and prevent unknown threats

Jamf is to Apple security what the magnifying glass was to Sherlock Holmes