Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware

0
68


Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware

The subsequent technology of Intel cell processors will embody malware safety constructed into the chip, the corporate introduced Monday.

The safety, offered by Intel’s Control-Flow Enforcement Technology (CET), will first be out there within the firm’s “Tiger Lake” cell processors, Vice President of Intel’s Client Computing Group Tom Garrison revealed.

CET is designed to guard towards the misuse of professional code by control-flow hijacking assaults, which is broadly utilized in giant courses of malware, he defined.

Intel Control-Flow Enforcement Technology

Of the 1.097 vulnerabilities Trend Micro found by its Zero Day Initiative from 2019 to at present, 63.2 % had been associated to reminiscence security.

“As more proactive protections are built into the Windows OS, attackers are shifting their efforts to exploit memory safety vulnerabilities by hijacking the integrity of the control flow,” famous David Weston, director of Enterprise and OS Security at Microsoft.

“As an opt-in feature in Windows 10, Microsoft has worked with Intel to offer hardware-enforced stack protection that builds on the extensive exploit protection built into Windows 10,” he defined, ” to enforce code integrity as well as terminate any malicious code.”


Chip-Level Attacks

With control-flow protections constructed into Intel’s {hardware}, it will likely be potential to detect reminiscence assaults earlier within the course of, famous Ray Vinson, senior product supervisor at
Spirent, a telecommunications testing firm in Sunnyvale, California.

“The attacker is making chip-level calls to initiate the memory attack. Software sees those calls, but only after they’re made,” he instructed TechNewsWorld.

“By addressing the attack at the chip level, you’re preventing the calls from ever taking place and preventing any resources from being taken up by the attack,” Vinson defined.

“Memory overflow and software overflow attacks have been around as threats for years. By addressing this at the chip level, it starts to take this out as an option for the hacker,” he added.

Among the main malware assaults at present mounted by hackers are “fileless” assaults, the place malicious code is loaded instantly into reminiscence, famous James McQuiggan, safety consciousness advocate for
KnowBe4, a safety consciousness coaching supplier in Clearwater, Florida.

“This style is difficult for antimalware applications to detect, since they look for binary, executable applications running from a hard drive,” he instructed TechNewsWorld.

“Having the hardware join the fight against malicious software can decrease the successful attacks against endpoints in an organization’s infrastructure,” McQuiggan stated. “It adds another layer of protection between the human and the operating system’s protective software to secure the endpoint and prevent a malware attack.”

Building safety into the {hardware} structure makes it a lot more durable for an attacker to jot down profitable exploits, stated Nilesh Dherange, CTO of
Gurucul, a threat intelligence firm at El Segundo, California.

“This is a good move, potentially mitigating entire families of malware threats,” he instructed TechNewsWorld.

No Silver Bullet

There could be benefits and downsides to baking safety into {hardware}, famous Malek Ben Salem, Americas Security R&D lead for
Accenture, knowledgeable providers firm primarily based in Dublin.

“Software is more flexible. You can deploy it on more architectures, and you can deploy it faster,” she instructed TechNewsWorld.

“In hardware, though, you get less performance degradation, and it’s more effective in these kinds of attacks,” Ben Salem continued.

Organizations ought to take care to not embrace the know-how too quickly, cautioned KnowBe4’s McQuiggan.

“What impact will the hardware have from falsely stopping instructions because it was considered an attack?” he requested. “While this is a new technology, organizations will want to make sure it’s adequately configured for their environments and not just expect it to stop all malware.”

CET is not any silver bullet towards all assaults, warned Chris Clements, vp of options structure at
Cerberus Sentinel, a
cybersecurity consulting and penetration testing firm in Scottsdale, Arizona.

“Attackers routinely find ways to circumvent security protections, and depending on Intel’s implementation, the safeguards may turn out to be trivial to bypass,” he instructed TechNewsWorld.

“Further, many breaches and ransomware attacks come not from cybercriminals exploiting vulnerable software, but rather from configuration errors like open S3 buckets, weak user passwords, and social engineering attacks like phishing,” Clements continued. “In these cases, no advanced exploit development is necessary to compromise their victim’s systems or data.”

Living in a Software-Defined World

Added safety in silicon is all the time a welcome addition, particularly when coping with reminiscence re-use and buffer overflows, nevertheless it must be put in perspective.

“There is a long history of chipmakers over-reaching on embedding security in the chip and promising security gains that haven’t been there. McAfee’s acquisition by Intel was such a case,” noticed Greg Young, vp of cybersecurity at
Trend Micro, a cybersecurity options supplier headquartered in Tokyo.

“So, hardware-assisted control flow is good, especially for embedded devices, but not a game-changer, as infrastructure and endpoints have never been self-defending and the bulk of attacks don’t involve this vector,” he instructed TechNewsWorld.

“It’s a software-defined world, and with so much software in the stack, there’s a lot of vulnerabilities to go after that don’t involve the chip,” Young stated.

There’s one other potential snag for CET, Dherange identified.

“The implementation, as described, is an opt-in solution, which means that some developers won’t expend the effort needed to integrate with CET,” he stated. “That would leave their applications potentially vulnerable.”

Nevertheless, “given the prevalence of ‘memory safety’ vulnerabilities that CET addresses, this could be of huge benefit. The challenge will be how tightly developers adhere to it,” Dherange maintained.

CET is not the one option to fight memory-based assaults, stated Joe Saunders, CEO of
RunSafe Security, an embedded techniques safety firm in McLean, Virginia.

“Once developers start deploying on such hardware, they will need to consider the tradeoffs in performance overhead when considering enabling these protections at the hardware level,” he instructed TechNewsWorld.

“There are alternative approaches, such as function-level load time randomization, that eliminate memory-based attacks without overhead performance impact or trade off,” Saunders stated.

CET will not get rid of software program protections and malware and antivirus instruments, Accenture’s Ben Salem defined.

“This is another layer of defense that’s monitoring what’s happening in real time,” she stated, “compared to software tools that are looking at malware files upline or in a sandbox environment.”


John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus embody cybersecurity, IT points, privateness, e-commerce, social media, synthetic intelligence, huge information and client electronics. He has written and edited for quite a few publications, together with the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.



Source link