SonicWall's CEO, Bill Conner, explains why processor vulnerabilities like Foreshadow aren't going away.
Foreshadow, the hardware-level processor flaw recently discovered in Intel chips, isn’t the first of its kind – and won’t be the last. At the beginning of the year, there was widespread panic about Spectre and Meltdown, and although patches have been released to mitigate the threat, they negatively affect performance, and some older chips remain vulnerable.
“Like its predecessors, Meltdown and Spectre, Foreshadow is attacking side-channels that operate and rely on the proper functioning methods of a chip’s memory and cache function to extract sought-after information,” says Bill Conner, CEO of cybersecurity firm SonicWall. “Once gained, it is then used to ‘pick locks’ within highly secured personal computers or even third-party clouds undetected.”
As you may recall from reports on Meltdown and Spectre, these flaws essentially allow access to parts of the processor’s memory that are meant to be off limits. Theoretically, hackers could see passwords or gain access to data through vulnerable software, such as web browsers.
At the time, there was no evidence that criminals had exploited either of these, but it didn’t take long for them to start producing samples and testing them. In the case of Foreshadow, Intel had already patched it before its discovery was made public.
But patches are only effective if they’re actually installed. Software needs to be updated, including operating systems, and microcode needs to be installed for processors. Too many users and businesses, however, fall behind with the latest patches, and that’s when the trouble can start.
Speaking of SonicWall’s own response to these flaws, Conner says, “Fortunately, prior to Meltdown and Spectre being made public in January 2018, the SonicWall team was already developing Real-Time Deep Memory Inspection (RTDMI™) technology, which proactively protects customers against these very types of processor-based exploits as well as PDF and Office exploits never seen before.”
This technology, it seems, is critical, because, “In the first half of 2018 alone, the technology has blocked more than 12,300 never-seen-variants (zero days) and we fully expect to see that number rise. With over ten years of machine learning and experience, RTDMI helps arm organisations to eliminate some of the biggest security challenges of all magnitudes, and which will also come to include Foreshadow.”
Whatever comes next, whether it’s similar to Foreshadow or not, security companies, software firms and IT specialists will all need to be prepared, because “This type of attack is something that will not dissipate. Instead, attackers will only seek to benefit from the plethora of malware strains available to them and which they can formulate like malware cocktails to divert outdated technologies, security standards and tactics.”