Traditionally, ransomware security was based on matching viruses to a database of known malware. AI offers a more dynamic approach.

Ransomware was a major menace last year. Though full figures aren’t in yet, ransomware messages rose 6,000% according to IBM Security as the WannaCry attack brought ransomware to the front pages and boardroom discussions.

If you think 2018 will be any better, think again. Just as the year was starting, Google Project Zero researchers shared details about Spectre and Meltdown, two vulnerabilities in chips from Intel, AMD and ARM that affect most computers. It’s a mind-blowing fact that these vulnerabilities are present in Intel CPUs built since 1995. That’s over twenty years of hardware that is powering much of the world’s offices, critical infrastructure and cloud environments. These are hardware bugs, errors in the physical chip itself, and there are implications for all Windows, Mac and Linux systems that use the chips – and in cloud environments as well.

While the chipmakers and OS creators rush to mitigate the effects of Spectre and Meltdown, the tech world is broadcasting to hackers that there’s a new path for ransomware. In my “Can AI eliminate phishing,” I argued that AI-based tools were the best weapon for fighting phishing attacks. The same is true when it comes to ransomware.

Why Spectre and Meltdown are bad news for ransomware

Before we look at the solution, let’s take a closer look at Spectre and Meltdown. Spectre breaks the isolation between different applications. It allows an attacker to trick “good” programs, which follow best coding practices, into leaking their secrets to a “bad” program running on the same machine. In fact, the safety checks of “best practices” increase the attack surface and may make applications more susceptible to Spectre. Meltdown breaks the isolation between user applications and the operating system. This attack allows a program to access the memory (and the private data) of other programs and the operating system.

These two vulnerabilities allow a hacker to launch malicious code on a machine that can steal data from other applications, including passwords. This flaw makes multi-tenant environments (where more than one customer’s or user’s data and applications are being used, even those running on separate virtual machines) much less secure than previously thought. Malicious code on one VM can now steal data from other customers’ apps running in other VMs. With this data, ransomware attacks that “lock” machines and their data from being used by their rightful owners could become much more rampant, as it will be easier to hijack access control information.

What businesses can do to protect themselves

It is believed that current antivirus programs won’t detect these Spectre and Meltdown-based exploits, and log files won’t demonstrate additional activity that would be deemed “malicious.”

As a result, these vulnerabilities could be used to steal data, block usage, or hijack the control of these devices, impacting all industries with critical infrastructure. For segments like healthcare and financial services, the implications are particularly worrisome.

It is critical to point out that, even without Spectre and Meltdown creating yet another set of attractive attack vectors for the bad guys to exploit, 2018 was shaping up to be a bad year for ransomware. The evolution of the tools and techniques leveraged in 2017 was enough to cause havoc, particularly on systems where known vulnerabilities were not fixed with necessary software updates. Now there are additional vulnerable pathways to pursue, and these won’t be quickly or easily patched.

That means we will need another wave of protection, with AI playing a key role, to do the following:

- Find machines that have not been patched – firmware, OS and applications. Humans are notoriously bad at finding all their unpatched machines, and making the necessary updates in a timely manner.
- Detect data flows out of applications that should not have access – an application launched from a website link should not be uploading sensitive employee or customer data, for example.
- Lock down systems that have not been patched.
- Detect vulnerabilities in future chip and OS designs, preventing similar future issues.

Going forward, many businesses will be increasingly turning to AI to fight ransomware. Traditionally, ransomware security was based on matching viruses to a database of known malware. But AI offers a more dynamic approach that looks for telltale signs of ransomware, like a program that begins encrypting files without showing a status bar. The movement to AI-based security has already been occurring, of course. But one positive outcome of Spectre/Meltdown is that the threat is now apparent to everyone. The solution should be, too.
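An added illustration of the contrast drawn above between matching against a database of known malware and watching for telltale behaviour such as a program that begins encrypting files; it is not code from the article or from any product. The event tuples, thresholds, PIDs, paths and sample bytes are all constructed, and a simple entropy-and-rate heuristic stands in for the AI model.

```python
import hashlib
import math
from collections import defaultdict

# Constructed signature database: hash of one "known" sample (placeholder bytes).
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def signature_match(binary: bytes) -> bool:
    """Traditional approach: exact hash lookup against known malware."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def behaviour_alerts(events, window=10.0, min_files=5, min_entropy=7.0):
    """Flag PIDs that write high-entropy data to >= min_files distinct
    files within `window` seconds. events: (ts, pid, path, data)."""
    recent, flagged = defaultdict(list), []
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if entropy(data) < min_entropy:
            continue  # plain text or structured data: not ciphertext-like
        recent[pid] = [(t, p) for t, p in recent[pid] if ts - t <= window]
        recent[pid].append((ts, path))
        if len({p for _, p in recent[pid]}) >= min_files and pid not in flagged:
            flagged.append(pid)
    return flagged

def pseudo_ciphertext(seed: int) -> bytes:
    """Constructed stand-in for encrypted output (2048 hash-derived bytes)."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(64))

# Constructed sample events: (timestamp, pid, path, bytes written).
TEXT = b"Quarterly report draft, revision 3.\n" * 50
EVENTS = (
    [(i * 2.0, 410, f"/home/a/doc{i}.txt", TEXT) for i in range(6)]            # editor
    + [(1.0 + i * 20, 512, f"/backup/set{i}.gz", pseudo_ciphertext(100 + i))   # backup tool
       for i in range(2)]
    + [(5.0 + i * 0.5, 977, f"/home/a/doc{i}.txt", pseudo_ciphertext(i))       # unknown binary
       for i in range(6)]
)

if __name__ == "__main__":
    print("signature hit on new variant:", signature_match(b"constructed-new-variant"))
    print("behaviour alerts:", behaviour_alerts(EVENTS))
```

Compressed backups are also high-entropy, which is why the rule counts distinct files per time window instead of alerting on entropy alone.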