Side channel attacks: On the other side

By Debasish Mukherjee

In today’s tech-driven world, a savvy organisation recognises that its data and systems, whether ancillary or key, are its most valuable assets. Safeguarding and protecting computer systems is therefore crucial to ensuring the longevity of an organisation. Any organisation, irrespective of size, nature and industry, is a potential victim.

It is imperative for decision makers and leadership to understand the potential impact of advanced cyber threats, stay up-to-date with cyber security development trends and maintain an updated multi-layer security system. All that is needed is the foresight to recognise changes in the threat landscape and awareness of the solutions that exist.

The origin of side channel attacks
A side-channel attack (SCA) is a form of reverse engineering, an “inside job” if you will. Software programs are inherently leaky – they produce “emissions” as by-products, and by backtracking, it is possible for an attacker to deduce how the software works, without access to the program itself.
While side-channel attacks did exist in the threat landscape, no one really took serious note until these exploits evolved to include malware delivery. In 2018, a series of vulnerabilities affecting processor chips was discovered that could permit attackers to gain unauthorised access to a computer’s memory. Dubbed Meltdown and Spectre, the vulnerabilities, which affect nearly all modern processors, made industry professionals stop short and re-evaluate the threat posed by SCAs.

In 2012, the National Security Agency (NSA) uncovered the “EternalBlue” vulnerability. Within less than a month, the vulnerability was exploited in one of the most shocking ransomware attacks of the time – WannaCry. WannaCry is a self-propagating ransomware worm that spread rapidly and impacted more than 200 thousand systems in 150 countries in a single weekend. To this day, millions of systems remain unpatched for this malicious exploit.

Side-channel attacks, once weaponized, get dramatically worse. The reason these attacks are more dangerous than other security exploits is that side-channel attacks are hardware and software agnostic. Instead of targeting a vulnerability in the software, attackers exploit the hardware, injecting commands directly at the CPU level. This transcends the OS in some cases, implying that attackers are able to gather data, execute instructions, or take complete control of a target’s endpoint.

Moreover, attacks could grow more sophisticated as attackers combine several existing exploits, as was seen in the case of WannaCry, an example of an exploit joined with ransomware. This was a malware cocktail, a mixing of dangers. It wasn’t the first, and it won’t be the last. Even though these processor-based threats haven’t been weaponized yet, the code to carry out these attacks is openly accessible and often lab-tested, effectively at beta stage, so threat actors anywhere can improve the effectiveness of these attacks later.

It’s time to confront hard truths. We’re in a time where a firewall alone or an antivirus alone is no longer adequate to achieve the degree of security needed to fight complex threats, including advanced side-channel attacks.

More layers than an onion
Alarmingly, breakdowns in information sharing among organizations are sustaining the potential danger and severity of side-channel attacks. Through this lack of awareness, organizations are putting themselves and their clients in danger. IT departments need to recognize the advancement of side-channel attacks and give due consideration to what could be done to achieve a holistic security solution.

To tackle this issue and help organizations respond rapidly to threats, leaders need to adopt a layered security strategy, combining hardware, software and other services to deliver overlapping and complementary layers of detection, inspection and control. Additionally, layered security with artificial intelligence (AI) and machine learning-powered enhancements is critical to identifying and preventing future breaches.

Unfortunately, adopting or investing in just a single security feature isn’t sufficient for organizations (of any size) to safeguard against the sophistication of side-channel attacks today. Fortunately, there are sensible practices that organizations can incorporate; for example, ongoing sandboxing and endpoint security help decrease the chance of an attack.

Know your attacker 101
The ongoing rise in side-channel attacks has troubled most organizations, given that they are hard to monitor and fix. With that, artificial intelligence is increasingly joining the cyber arms race. Including AI in a layered solution is essential to detecting and mitigating even the most insidious modern threats.

AI-based solutions proactively detect and block malware and exploits that don’t display malicious behavior and conceal their weaponry. This is extremely beneficial against new attacks, for example, the ongoing development of BlueKeep and RAMBleed. By forcing malware and exploits to reveal their weaponry in memory, AI-based solutions can proactively and accurately stop mass-market, zero-day threats and unknown malware.

In addition, AI-based solutions can study how a hypothetical attack would work in order to teach themselves how to track irregular patterns in the system. Intelligently learning the code in the memory of a protected environment allows AI-based solutions to track malicious code or data continuously and detect it before any harm is caused. It is by developing its understanding of the system that AI will become more effective at detecting suspicious malware. This will reduce the time it takes to detect an attack.

Although businesses are still realizing the full potential of AI, ongoing attacks have demonstrated why it is necessary in fighting the cyber war. In an industry that has been gathering data for quite a long time, AI is making it simpler for security leaders to keep organizations safe. Increasingly advanced and never-before-seen layered attacks are coming, and a layered security approach, along with evolving technology enhancements, is essential to shielding organizations from increased threat.

(The author is the Country Director- India & SAARC, SonicWall)
