rickgrinnell
Contributor

Intel’s chip vulnerabilities don’t bode well for the spread of ransomware

Opinion
Jan 17, 2018 · 4 mins
Artificial Intelligence, Data and Information Security, Ransomware

Traditionally, ransomware security was based on matching viruses to a database of known malware. AI offers a more dynamic approach.

Ransomware was a major menace last year. Though full figures aren’t in yet, ransomware messages rose 6,000% according to IBM Security as the WannaCry attack brought ransomware to the front pages and boardroom discussions.

If you think 2018 will be any better, think again. Just as the year was starting, Google Project Zero researchers shared details about Spectre and Meltdown, two vulnerabilities in chips from Intel, AMD and ARM that affect most computers. It’s a mind-blowing fact that these vulnerabilities are present in Intel CPUs built since 1995. That’s over twenty years of hardware that is powering much of the world’s offices, critical infrastructure and cloud environments. These are hardware bugs, errors in the physical chip itself, and there are implications for all Windows, Mac and Linux systems that use the chips, and in cloud environments as well.

While the chipmakers and OS creators rush to mitigate the effects of Spectre and Meltdown, the tech world is broadcasting to hackers that there’s a new path for ransomware. In “Can AI eliminate phishing,” I argued that AI-based tools were the best weapon for fighting phishing attacks. The same is true when it comes to ransomware.

Why Spectre and Meltdown are bad news for ransomware

Before we look at the solution, let’s take a closer look at Spectre and Meltdown. Spectre breaks the isolation between different applications. It allows an attacker to trick “good” programs, which follow best coding practices, into leaking their secrets to a “bad” program running on the same machine. In fact, the safety checks of “best practices” increase the attack surface and may make applications more susceptible to Spectre.

Meltdown breaks the isolation between user applications and the operating system. This attack allows a program to access the memory (and the private data) of other programs and the operating system.

These two vulnerabilities allow a hacker to launch malicious code on a machine that can steal data from other applications, including passwords. This flaw makes multi-tenant environments (where more than one customer’s or user’s data and applications are being used, even those running on separate virtual machines) much less secure than previously thought. Malicious code on one VM can now steal data from other customers’ apps running in other VMs.

With this data, ransomware attacks that “lock” machines and their data from being used by their rightful owners could become much more rampant, as it will be easier to hijack access control information.

What businesses can do to protect themselves

It is believed that current antivirus programs won’t detect these Spectre and Meltdown-based exploits, and log files won’t demonstrate additional activity that would be deemed “malicious.”

As a result, these vulnerabilities could be used to steal data, block usage, or hijack the control of these devices, impacting all industries with critical infrastructure. For segments like healthcare and financial services, the implications are particularly worrisome.

It is critical to point out that, even without Spectre and Meltdown creating yet another set of attractive attack vectors for the bad guys to exploit, 2018 was shaping up to be a bad year for ransomware. The evolution of the tools and techniques leveraged in 2017 was enough to cause havoc, particularly on systems where known vulnerabilities were not fixed with necessary software updates. Now there are additional vulnerable pathways to pursue, and these won’t be quickly or easily patched.

That means we will need another wave of protection, with AI playing a key role, to do the following:

  • Find machines that have not been patched – firmware, OS and applications. Humans are notoriously bad at finding all their unpatched machines, and making the necessary updates in a timely manner.
  • Detect data flows out of applications that should not have access – an application launched from a website link should not be uploading sensitive employee or customer data, for example.
  • Lock down systems that have not been patched.
  • Detect vulnerabilities in future chip and OS designs, preventing similar future issues.
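
To make the first and third items concrete, here is an added example (not from the original article) that triages a fleet by the Spectre/Meltdown status strings Linux kernels report under `/sys/devices/system/cpu/vulnerabilities/`. The hostnames and inventory are constructed sample data, the verdict labels are hypothetical, and it covers only kernel-reported state, not firmware or applications.

```python
# Added example: triage Spectre/Meltdown patch state across a fleet.
# Input: per-host contents of /sys/devices/system/cpu/vulnerabilities/*
# as collected by whatever inventory agent is in use (assumption).

REQUIRED = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample inventory: host -> {sysfs file name: file contents}
SAMPLE_INVENTORY = {
    "web-01": {"meltdown": "Mitigation: PTI",
               "spectre_v1": "Mitigation: __user pointer sanitization",
               "spectre_v2": "Mitigation: Full generic retpoline"},
    "db-02": {"meltdown": "Vulnerable",
              "spectre_v1": "Mitigation: __user pointer sanitization",
              "spectre_v2": "Vulnerable: Minimal generic ASM retpoline"},
    "amd-03": {"meltdown": "Not affected",
               "spectre_v1": "Mitigation: __user pointer sanitization",
               "spectre_v2": "Mitigation: Full AMD retpoline"},
    "legacy-04": {},  # kernel too old to expose the sysfs files
}

def classify(status):
    """Map one sysfs status string to ok / vulnerable / unknown."""
    if status is None:
        return "unknown"
    s = status.strip()
    if s.startswith("Not affected") or s.startswith("Mitigation"):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def triage(inventory):
    """Return {host: (verdict, [issues behind the verdict])}."""
    report = {}
    for host, files in inventory.items():
        bad = [n for n in REQUIRED if classify(files.get(n)) == "vulnerable"]
        unknown = [n for n in REQUIRED if classify(files.get(n)) == "unknown"]
        if bad:
            report[host] = ("lock-down", bad)        # known-unpatched: isolate
        elif unknown:
            report[host] = ("investigate", unknown)  # no data is not "patched"
        else:
            report[host] = ("patched", [])
    return report

if __name__ == "__main__":
    for host, (verdict, issues) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {verdict:12} {', '.join(issues)}")
```

A host that reports nothing is treated as "investigate" rather than "patched", since missing data is exactly how unpatched machines get overlooked.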

Going forward, many businesses will be increasingly turning to AI to fight ransomware. Traditionally, ransomware security was based on matching viruses to a database of known malware. But AI offers a more dynamic approach that looks for telltale signs of ransomware, like a program that begins encrypting files without showing a status bar.

The movement to AI-based security has already been occurring, of course. But one positive outcome of Spectre/Meltdown is that the threat is now apparent to everyone. The solution should be, too.


Rick Grinnell is a founder and Managing Partner of Glasswing Ventures, an early-stage venture capital firm dedicated to investing in the next generation of AI-powered technology companies that connect consumers and enterprises and secure the ecosystem. As a venture capitalist and seasoned operator, Rick has invested in some of the most dynamic companies in security, enterprise infrastructure and storage.

During his 17 years of venture capital experience he has led investments and served on the board of directors for companies such as EqualLogic (acquired by Dell), Prelert (acquired by Elastic), Pwnie Express, Resilient Systems (acquired by IBM), Trackvia and VeloBit (acquired by Western Digital) and is now lead investor and a member of the board of directors at Terbium Labs.

Rick is also active with various entrepreneurial programs at the Massachusetts Institute of Technology (MIT), Harvard and Tufts Universities, and is a frequent judge at MassChallenge. Rick’s contributions to the broader community include serving as a member of the Board of Directors of Big Brothers Big Sisters of Massachusetts Bay, as Vice Chairman of the Board of Overseers at the Museum of Science in Boston, and as a member of the Educational Council at MIT. Rick has been recognized by the New England Venture Network with the Community Leadership Award for his philanthropic work and contribution to the community.

Rick earned BS and MS degrees in Electrical Engineering from MIT and an MBA from HBS.

The opinions expressed in this blog are those of Rick Grinnell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.