Intel foresees threats to hardware, firmware components
Intel Security has foreseen threats targeting hardware and firmware components and threatening runtime integrity, according to a report.
It’s McAfee Labs Threats Report: August 2015, also found that the increasingly evasive malware and long-running attacks were expected but some of the specific tactics and techniques were unimagined five years ago.
The report includes a critique of graphics processing unit (GPU) malware claims, an investigation of the top cybercriminal exfiltration techniques, and a five-year retrospective on the evolution of the threat landscape since Intel’s announcement of the McAfee acquisition.
McAfee Labs commemorates the five-year anniversary of the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats.
Key researchers and executives reviewed the predictions on the security capabilities of silicon, the challenges of emerging hard-to-detect attacks, and the 2010 expectations for new device types versus the reality of the marketplace.
It found that although the volume of mobile devices has increased even faster than was expected, serious broad-based attacks on those devices has grown much more slowly than thought.
The attacks and breaches against Internet of Things (IoT) is just beginning, it said.
The adoption of cloud has changed the nature of some attacks, as devices are attacked not for the small amount of data that they store, but as a path to where the important data resides, said the report.
Meanwhile, cybercrime has grown into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models.
Businesses and consumers, however, still do not pay sufficient attention to updates, patches, password security, security alerts, default configurations, and other easy but critical ways to secure cyber and physical assets, it noted.
The discovery and exploitation of core Internet vulnerabilities has demonstrated how some foundational technologies are underfunded and understaffed, said the report.
It also found that there is a growing, positive collaboration between the security industry, academia, law enforcement, and governments to take down cybercriminal operations.
Hamed Diab, Middle East and North Africa (Mena) region director, Intel Security, said: “We were impressed by the degree to which three key factors – expanding attack surfaces, the industrialization of hacking, and the complexity and fragmentation of the IT security market – accelerated the evolution of threats, and size and frequency of attacks.
“To keep pace with such momentum, the cybersecurity community must continue to improve threat intelligence sharing, recruit more security professionals, accelerate security technology innovation, and continue to engage governments so they can fulfill their role to protect citizens in cyberspace.”
The August report also probes into the details of three proofs-of-concept (PoC) for malware exploiting GPUs in attacks.
While nearly all of today’s malware is designed to run from main system memory on the central processing unit (CPU), these PoCs leverage the efficiencies of these specialised hardware components designed to accelerate the creation of images for output to a display.
The scenarios has suggested hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defenses by running code and storing data where traditional defenses do not normally watch for malicious code.
Reviewing the PoCs, Intel Security has agreed that moving portions of malicious code off of the CPU and host memory reduces the detection surface for host-based defenses.
However, researchers have argued that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.
McAfee Labs has also detailed techniques cybercriminals use to exfiltrate a wide variety of information on individuals from corporate networks: names, dates of birth, addresses, phone numbers, social security numbers, credit and debit card numbers, health care information, account credentials, and even sexual preferences.
In addition to tactics and techniques used by attackers, this analysis examines attacker types, their motivations, and their likely targets, as well as the policies businesses should embrace to better detect exfiltration.
The report also identified a number of other developments in the second quarter of the year including ransomware, mobile slump, spam botnets, suspect URLs, infected files and PUPs up.