Weissblick - Fotolia

Boom expected in processor attacks

Sonicwall's latest research shows worrying signs that the processor flaws revealed at the start of 2018 are set to dominate IT security

A recent threat report from Sonicwall warned that the appearance of Meltdown and Spectre in early 2018 were strong indicators of what the year may hold.

“It’s likely these are just two of many processor vulnerabilities already in play. We predict the emergence of password stealers and infostealers to take advantage of Meltdown and Spectre vulnerabilities,” Sonicwall warned.

In December 2017 and January 2018, the company reported it had found 500 unknown zero day processor malware attacks.

When Computer Weekly asked Sonicwall why the attacks appeared before the official confirmation from Intel, CEO Bill Conner said: “It was communicated in China but not the rest of the world.”

Discussing the techniques that could be exploited in a processor attack, John Gmuender, chief technology officer at Sonicwall, said: “Meltdown is very broad and tries to gain access to memory you shouldn’t have access to. We are seeing lots of proof of concept attacks coming through. It is more than we expected.”

He said attackers are making use of the exception-handling features built into processor architectures, where the processor runs a set of instructions if it encounters something out of the ordinary.

While some industry observers believe the processor flaws are complex enough to limit wide-scale attack, Gmuender expects attacks may become as available as off-the-shelf toolkits for hackers.

Read more about processor flaws

  • IT administrators have already lost hours installing the processor patch from Intel, which causes PCs to lock up and systems to crash and slow down.
  • The days of fixing the date bug in legacy systems may be long gone, but IT now has as much of an effort mitigating the Spectre/Meltdown processor flaw.

Among the techniques he has seen is the ability for malware to overcome the limitations set by the Windows pre-boot execution environment (PXE). This is designed to prevent code from being injected into areas of computer memory that are only allowed by the operating system to store data.

He said the best attack code is like weaponry. “It is the kind of code protected by custom packages and encryption. The malware allocates memory, decrypts the attack code into this memory and then marks it for execution, which it then runs.”

The company has updated its edge security system to protect small and mid-sized business users from possible processor attacks.

“The system we built for SMBs to operate while the user is clicking in a browser. We do a lot of analysis on the firewall, and if we find things we don’t know, data is captured in the cloud in real time.” Access is blocked until the analysis gives a no-threat verdict.

This will slow down internet access a little, according to Gmuender, and the average delay on page access is about two seconds – although analysis can take up to two minutes.

Read more on Chips and processor hardware