The current state of cybersecurity is complex, fast-moving and a critical risk to all organizations. Understanding where U.S. businesses stack up in terms of their security knowledge and defense strategy is of utmost importance. It’s critical that leaders—from enterprise to small business and government—gain more awareness of one of the greatest challenges cybersecurity is currently facing.
We’ve entered an era of advanced and persistent layered attacks. To stay ahead of these and other never-before-seen attacks, businesses and security leaders across industries must recognize the dangers they pose. Luckily, by understanding the current landscape and solutions that exist, businesses can enhance and improve their security posture in an ever-evolving threat landscape.
Origin of the Side-Channel Attack
While side-channel attacks have been an issue for decades, it wasn’t until Meltdown and Spectre made headlines in January 2018 that the industry began to take notice of exploits that were adapting to include a malware delivery technique in memory.
To fully understand side-channel attacks, you must go back to April 2017, when EternalBlue was leaked. Less than a month later, EternalBlue was used by a nation-state as part of WannaCry, a self-propagating ransomware worm that spread rapidly and impacted more than 200,000 systems in more than 150 countries in a single weekend. To this day, millions of systems remain unpatched against this exploit.
While the WannaCry ransomware was bad enough, side-channel attacks, once weaponized, will be dramatically worse. The reason these attacks are more dangerous than other security exploits is that side-channel attacks are hardware- and software-indifferent. Instead of targeting a vulnerability in the software, attackers exploit the hardware, injecting commands directly at the CPU level. In some cases this transcends the OS, meaning that attackers can gather data, execute instructions or take complete control of a target’s endpoint. It also means there is no software-only fix at the source.
It’s no longer hypothetical for attackers to combine newer exploits; this was the basis of WannaCry. Little more than a month later, different nation-state hackers combined an exploit with ransomware malware in Petya/NotPetya. This was a malware cocktail, a blending of threats. It wasn’t the first and it won’t be the last. Even though these processor-based threats haven’t been weaponized yet, the code to perform these attacks is publicly available and (in most cases) already lab-tested, so threat actors everywhere are able to enhance the effectiveness of these attacks in the future.
It’s time to face hard truths. We’re in an era where deploying just a firewall or just an antivirus is no longer sufficient to achieve the level of security that’s necessary to combat complex threats, including advanced side-channel attacks.
The Key: Layering Your Defense
Unfortunately, knowledge gaps among businesses are perpetuating the potential threat and severity of side-channel attacks. Through this lack of awareness, businesses continue to put themselves and their customers at risk. What’s more, the IT industry needs to acknowledge the evolution of side-channel attacks and, most importantly, determine what needs to be done to achieve a 360-degree approach to security.
To solve this problem and help businesses react quickly to threats, leaders need to adopt a layered security strategy, combining hardware, software and other services to deliver overlapping and complementary layers of detection, inspection and control. Additionally, layered security with AI- and machine learning-powered enhancements is critical to identifying and preventing future breaches.
The problem is that CISOs, directors and network administrators continue to follow a one-layer approach. Unfortunately, adopting or investing in only one security feature or a bubble of security services isn’t enough for businesses (of any size) to defend against the sophistication of published side-channel attacks today. Fortunately, there are realistic practices that organizations can integrate, such as real-time sandboxing, endpoint protection and digital identity authentication, to help reduce the chance of an attack.
Eliminating the Infamous Attacker
The recent increase in side-channel attacks has put most businesses on edge, given how difficult they are to monitor and patch. With that, artificial intelligence (AI) is becoming an even more critical component of the cyber arms race. Including AI in a layered solution is critical to identifying and mitigating even the most insidious modern threats.
AI-based solutions proactively detect and block malware and exploits that don’t exhibit malicious behavior and hide their weaponry. This is extremely beneficial when it comes to new attacks, such as the recent emergence of BlueKeep and RAMBleed. By forcing malware and exploits to reveal their weaponry in memory, AI-based solutions are able to proactively and accurately stop mass-market zero-day threats and unknown malware.
Additionally, AI-based solutions can model how a theoretical attack would work and teach themselves to track irregular patterns in the network. Learning the code in the memory of a secure environment allows AI-based solutions to track malicious code or data in real time and identify it before any malicious behavior is observed. As its understanding of the network grows, AI will become quicker at identifying suspicious malware, which not only will decrease the time it takes to identify an attack but will also eventually allow the solution to identify attacks before they occur.
Although the industry is still uncovering the full potential of AI, recent attacks have proven why it’s necessary for fighting the cyberwar. Security is an industry that’s been collecting data for years, and AI is making it easier for security leaders to protect businesses. By helping the industry gather, learn from and quickly block everything from malware cocktails to weaponized PDFs and the pending side-channel attacks, AI is enabling the creation of solutions that focus on detection and prevention.
More sophisticated and never-before-seen layered attacks are coming, if they’re not already lurking in business networks. A layered security approach, combined with emerging technology enhancements, is critical to defending businesses from emerging threats.