GPU malware could be the next phase of evolution for Cybercrime: McAfee report

02.09.2015
Malware for graphics cards, exfiltration techniques and a five-year retrospective of the cyber-crime scene form the focus of the latest McAfee Labs Threats Report: August 2015, from Intel Security.

The vendor is celebrating five years since the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats.

Intel said key researchers and executives had reviewed predictions on the security capabilities of silicon, the challenges of emerging hard-to-detect attacks, and McAfee’s 2010 expectations for new device types versus the reality of the marketplace.

The vendor said its five-year threat landscape analysis suggests:

Intel Security’s McAfee Labs senior vice president, Vincent Weafer, said the security vendor was impressed by the degree to which expanding attack surfaces, the industrialisation of hacking, and the complexity and fragmentation of the IT security market had accelerated the evolution of threats and the size and frequency of attacks.

“To keep pace with such momentum, the cyber-security community must continue to improve threat intelligence sharing, recruit more security professionals, accelerate security technology innovation, and continue to engage governments so they can fulfil their role to protect citizens in cyberspace,” he said.

The report also probed into details of three proofs-of-concept (PoCs) for malware exploiting GPUs in attacks. While nearly all malware is designed to run from main system memory on the central processing unit (CPU), the PoCs leverage the efficiencies of these specialised hardware components, which are designed to accelerate the creation of images for output to a display.

McAfee Labs said the scenarios suggest hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defences by running code and storing data where traditional defences do not normally watch for malicious code.

Reviewing the PoCs, Intel Security agrees that moving portions of malicious code off the CPU and host memory reduces the detection surface for host-based defences. However, researchers argue that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.

The report also detailed techniques cyber-criminals use to exfiltrate a wide variety of information on individuals from corporate networks, such as names, dates of birth, addresses, phone numbers, social security numbers, credit and debit card numbers, health care information, account credentials, and even sexual preferences.

In addition to tactics and techniques used by attackers, the analysis examined attacker types, motivations and likely targets, as well as policies businesses should embrace to better detect exfiltration.

The August 2015 report also identified a number of other developments in the second quarter of 2015:

(www.arnnet.com.au)

By Chris Player