Intel’s chip vulnerabilities don’t bode well for the spread of ransomware

Ransomware was a major menace last year. Though full figures aren’t in yet, ransomware messages rose 6,000% according to IBM Security as the WannaCry attack brought ransomware to the front pages and boardroom discussions.

If you think 2018 will be any better, think again. Just as the year was starting, Google Project Zero researchers shared details about Spectre and Meltdown, two vulnerabilities in chips from Intel, AMD and ARM that affect most computers. It’s a mind-blowing fact that these vulnerabilities are present in Intel CPUs built since 1995. That’s over twenty years of hardware that is powering much of the world’s offices, critical infrastructure and cloud environments. These are hardware bugs, errors in the physical chip itself and there are implications for all Windows, Mac and Linux systems that use the chips – and in cloud environments as well.

While the chipmakers and OS creators rush to mitigate the effects of Spectre and Meltdown, the tech world is broadcasting to hackers that there’s a new path for ransomware. In my “Can AI eliminate phishing,”, I argued that AI-based tools were the best weapon for fighting phishing attacks. The same is true when it comes to ransomware.

Why Spectre and Meltdown are bad news for ransomware

Before we look at the solution, let’s take a closer look at Spectre and Meltdown. Spectre breaks the isolation between different applications. It allows an attacker to trick “good” programs, which follow best coding practices, into leaking their secrets to a “bad” program running on the same machine. In fact, the safety checks of “best practices” increase the attack surface and may make applications more susceptible to Spectre.

Meltdown breaks the isolation between user applications and the operating system. This attack allows a program to access the memory (and the private data) of other programs and the operating system.

These two vulnerabilities allow a hacker to launch malicious code on a machine that can steal data from other applications, including passwords. This flaw makes multi-tenant environments (where more than one customer’s or user’s data and applications are being used, even those running on separate virtual machines) much less secure than previously thought.  Malicious code on one VM can now steal data from other customers’ apps running in other VMs.

With this data, ransomware attacks that “lock” machines and their data from being used by their rightful owners could become much more rampant, as it will be easier to hijack access control information.

What businesses can do to protect themselves

It is believed that current antivirus programs won’t detect these Spectre and Meltdown-based exploits, and log files won’t demonstrate additional activity that would be deemed “malicious.”

As a result, these vulnerabilities could be used to steal data, block usage, or hijack the control of these devices, impacting all industries, with critical infrastructure. For segments like healthcare and financial services, the implications are particularly worrisome.

It is critical to point out, that even without Spectre and Meltdown, creating yet another set of attractive attack vectors for the bad guys to exploit, 2018 was shaping up to be a bad year for ransomware.  The evolution of the tools and techniques leveraged in 2017 was enough to cause havoc, particularly on systems where known vulnerabilities were not fixed with necessary software updates.  Now there are additional vulnerable pathways to pursue, and these won’t be quickly or easily patched.

That means we will need another wave of protection, with AI playing a key role, to do the following:

• Find machines that have not been patched – firmware, OS and applications. Humans are notoriously bad at finding all their unpatched machines, and making the necessary updates in a timely manner.
• Detect data flows out of applications that should not have access – an application launched from a website link should not be uploading sensitive employee or customer data, for example.
• Lock down systems that have not been patched.
• Detect vulnerabilities in future chip and OS designs, preventing similar future issues.

Going forward, many businesses will be increasingly turning to AI to fight ransomware. Traditionally, ransomware security was based on matching viruses to a database of known malware. But AI offers a more dynamic approach that looks for telltale signs of ransomware, like a program that begins encrypting files without showing a status bar.

The movement to AI-based security has already been occurring, of course. But one positive outcome of Spectre/Meltdown is that the threat is now apparent to everyone. The solution should be, too.