Viewing posts categorised under: Threat Intelligence
05 Nov
PortSmash attack exploits Intel’s Hyper-Threading architecture to steal your data
Threat Intelligence

On Friday, a new attack called PortSmash was announced.  This attack exploits Intel’s Hyper-Threading architecture to steal your data.
Details here: https://www.digitaltrends.com/computing/new-portsmash-attack-allow-attackers-to-steal-encrypted-data/

What do we know so far?

Researchers have uncovered yet another side-channel attack, named PortSmash, in Intel and AMD CPUs. All CPUs that have simultaneous multithreading (SMT) architecture and Intel’s Hyper-Threading (HT) technology are affected by the attack. The researchers have published proof-of-concept (PoC) code to show that the attack is practical and not just a theory.

For the attack to be successful, the malicious code must run on the same CPU core as the legitimate code. Due to SMT and HT, code running on one thread can also observe what is happening on the other thread, and an attacker could use this behavior to inject malicious code in tandem with legitimate code in order to eavesdrop. The malicious code will then leak encrypted data in bits and pieces that the attacker can later reconstruct. Intel has released a patch for this issue.

What is the Delivery Mechanism?

We are not aware of any delivery mechanism for the malicious code but, according to the report, it can be delivered using regular phishing attacks and other mechanisms.

Are Datacenters Affected?

Yes, datacenters are affected by this attack. The shared model of public datacenters makes this attack quite dangerous: attackers simply rent VMs and run malicious code that runs on the same CPU core as the legitimate code to eavesdrop. Technically, they don’t have to build a delivery mechanism. However, to exploit a private datacenter, they have to build a delivery mechanism.

12 Jun
The Rise of Cryptojacking: Effective Detection and Prevention
Threat Intelligence

With the growing popularity of cryptocurrency around the globe, a new form of cybersecurity threat called cryptojacking is becoming a big concern. In late 2017, Malwarebytes reported 8 million daily malware blocks, with each detected incident possibly being cryptojacking. Early this year, CSO listed the cryptojacking “gold rush” as No. 1 of the Top 5 cybersecurity concerns for 2018. In response, we need to take a closer look at this threat and at how to effectively detect and prevent cryptojacking attacks.

17 May
Clouds Might be Secure, but There are Blind Spots Too
Threat Intelligence

DATA DISCOVERY: DATA IS EVERYWHERE, KNOW AND PROTECT YOUR DATA

Digital evolution is driving net new challenges for data security. In this rapidly evolving digital world, data is not clearly defined, structured or secured. Today’s businesses continue to be agile and adopt new technologies, like cloud services, to meet the demands of customers. While collecting, storing and protecting data might look like standard operating procedures in legacy environments, businesses often overlook proper data safeguards in the new technology world, especially in the case of non-critical data.

17 Apr
Status Report: SX Research Team Reveals New Cloud Security Threats
Stratus Report

In 2005, Gary McGraw and Brian Chess published a taxonomy of code vulnerabilities exploited by attackers.  Today, the “Seven Pernicious Kingdoms” continue to be used by MITRE to classify vulnerabilities. With the onset of cloud computing, it is time to begin a new taxonomy that accounts for attacks on cloud infrastructure.

11 Jul
(Not)Petya “X”: A Worm’s Evolution & Cyber Kill Chain
Threat Intelligence

WHAT YOU NEED TO KNOW

Petya and its “X” variants such as NotPetya, Nyetya, Petrwrap and GoldenEye have become a contagion. Represented in global daily headlines, they appear to be involved in an evolutionary process, starting as a primitive network worm and ransomware and transforming into something of far greater destructive, possibly deceptive, power. While NATO investigates a state actor behind these attacks, NotPetya has already claimed over 2000 victims and £100m in cost to companies like Reckitt Benckiser.


About Author

Ratinder Ahuja

Founder & CEO

Ratinder leads ShieldX and its mission as its central pivot point, drawing from a career as a successful serial entrepreneur and corporate leader, bringing with him his unique blend of business acumen, industry network and deep technical knowledge.