Researchers from North Carolina State University and the University of Texas at Austin have developed a technique for detecting types of malware that use a system’s architecture to thwart traditional security measures. The new detection approach works by tracking power fluctuations in embedded systems.
“Embedded systems are basically any computer that doesn’t have a physical keyboard – from smartphones to Internet of Things devices,” says Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State. “Embedded systems are used in everything from the voice-activated virtual assistants in our homes to industrial control systems like those used in power plants. And malware that targets those systems can be used to seize control of these systems or to steal information.”
At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data. Spectre and Meltdown are high-profile examples of micro-architectural malware.
“The nature of micro-architectural attacks makes them very difficult to detect – but we have found a way to detect them,” Aysu says. “We have a good idea of what power consumption looks like when embedded systems are operating normally. By looking for anomalies in power consumption, we can tell that there is malware in a system – even if we can’t identify the malware directly.”
The power-monitoring solution can be incorporated into smart batteries for use with new embedded systems technologies. New “plug and play” hardware would be needed to apply the detection tool with existing embedded systems.
There is one other limitation: the new detection technique relies on an embedded system’s power reporting. In lab testing, researchers found that – in some instances – the power-monitoring detection tool could be fooled if the malware modifies its activity to mimic “normal” power usage patterns.
“However, even in these instances our technique provides an advantage,” Aysu says. “We found that the effort required to mimic normal power consumption and evade detection forced malware to slow down its data transfer rate by between 86 and 97 percent. In short, our approach can still reduce the effects of malware, even in those few instances where the malware is not detected.
“This paper demonstrates a proof of concept. We think it offers an exciting new approach for addressing a widespread security challenge.”