WORLD’S FIRST CPU-LEVEL RANSOMWARE

Keeping abreast of technology has become the job of every technologist today; you need to be on your toes all the time. Practising the technologies, versions and models that are relevant for your enterprise today is the biggest challenge. And the biggest challenge of all is how to cyber secure your organisation, in what sometimes looks like a house of cards. The reigning king of the cyber insecure world is ransomware, which, having gone through different techs, modes, business models and onslaughts, has come here to stay.

There is no way but to deal with it, but it has not been easy. As the cutting-edge tech crime battle goes on, recent news on the ransomware side seems to suggest that ransomware can literally do away with all the guardrails. They say it is going to usher in a new era of unavoidable ransomware. The latest is that the world’s first CPU-level ransomware can “bypass every freaking traditional technology we have out there.” In that case the age of firmware-based attacks is just round the corner. None other than a cyber security expert has created a proof of concept.

The proof-of-concept code for this ransomware, which can attack your CPU, has been written by Rapid7’s Christiaan Beek, and it has the capability to circumvent most traditional forms of ransomware detection. He is very clear about the impact and says future threats could lock your drive until a ransom is paid. From where did Beek get this idea? An AMD bug gave him the idea of what a highly skilled attacker could do in theory: it would “allow those intruders to load unapproved microcode into the processors, breaking encryption at the hardware level and modifying CPU behaviour at will.” Beek comes from a background in firmware security.

He thought to himself that he could write some CPU ransomware, and that is exactly what he did. With ransomware at the CPU level, it would be possible to bypass “every freaking traditional technology we have out there.” The Conti ransomware group, as it is told, was working on ransomware installs inside UEFI. A modified UEFI firmware “can trigger encryption before the OS even loads.” For sure no AV can detect this. The fear is that some smart threat actors will get smart enough to start creating this stuff. What is required today is to fix the foundations of hardware security. The hard fact is that ransomware breaches succeed at the mercy of high-risk vulnerabilities, weak passwords, lack of authentication and the like.

THE LIKELIHOOD OF CPU-LEVEL RANSOMWARE IS THE SCARIEST CYBER SECURITY NEWS OF THE CURRENT DAY.
Sanjay Sahay

Have a nice evening.
