Report: processor attacks to pose further threat
A new report has highlighted the potentially dangerous consequences of a series of processor flaws that first appeared earlier this year, warning that such vulnerabilities could be exploited further.
According to a new threat report produced by network security firm SonicWall, flaws in microprocessors that were taken advantage of by the Meltdown and Spectre attacks in early 2018 are “strong indicators” of what cyber criminals may target throughout the year.
The company reported that it had encountered 500 “zero day” processor malware attacks between December 2017 and January 2018 – suggesting that worse is yet to come.
The report’s authors added: “It’s likely these are just two of many processor vulnerabilities already in play. We predict the emergence of password stealers and infostealers to take advantage of Meltdown and Spectre vulnerabilities.”
Chief technology officer John Gmuender writes that Meltdown’s channels for attack are “very broad” as it tries to gain access to a device’s memory, even memory that a user should not have access to.
Other attacks that SonicWall has observed have served as a “proof of concept” that similar processor exploits could be in the works. Attackers have already made use of exception-handling features that are hardwired into processor architectures, where a device will run a special set of instructions if it encounters an error.
Though many in the industry believe that such flaws are too complicated to enable a wide range of exploits to be developed, Gmuender suggests that the breadth of possible entry routes for attackers means they could develop “off-the-shelf” toolkits.
Malware is already capable of overcoming limitations set by Windows’ pre-boot execution environment (PXE), which usually prevents code from being injected into parcels of device memory reserved for the operating system.
The report concludes by suggesting the “best” attack code works like weaponry.
“The malware allocates memory, decrypts the attack code into this memory and then marks it for execution, which it then runs,” it adds.