Researchers from North Carolina State University and the University of Texas at Austin have developed a technique for detecting types of malware that use a system’s architecture to thwart traditional security measures. The new detection approach works by tracking power fluctuations in embedded systems.
“Embedded systems are basically any computer that doesn’t have a physical keyboard – from smartphones to Internet of Things devices,” says Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State. “Embedded systems are used in everything from the voice-activated virtual assistants in our homes to industrial control systems like those used in power plants. And malware that targets those systems can be used to seize control of these systems or to steal information.”
At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data. Spectre and Meltdown are high-profile examples of micro-architectural malware.
“The nature of micro-architectural attacks makes them very difficult to detect – but we have found a way to detect them,” Aysu says. “We have a good idea of what power consumption looks like when embedded systems are operating normally. By looking for anomalies in power consumption, we can tell that there is malware in a system – even if we can’t identify the malware directly.”
The power-monitoring solution can be incorporated into smart batteries for use with new embedded systems technologies. New “plug and play” hardware would be needed to apply the detection tool to existing embedded systems.
There is one other limitation: the new detection technique relies on an embedded system’s power reporting. In lab testing, researchers found that – in some instances – the power monitoring detection tool could be fooled if the malware modifies its activity to mimic “normal” power usage patterns.
“However, even in these instances our technique provides an advantage,” Aysu says. “We found that the effort required to mimic normal power consumption and evade detection forced malware to slow down its data transfer rate by between 86 and 97 percent. In short, our approach can still reduce the effects of malware, even in those few instances where the malware is not detected.
“This paper demonstrates a proof of concept. We think it offers an exciting new approach for addressing a widespread security challenge.”
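The following is an added illustration, not code from the paper or the researchers: a sliding-window detector that learns a power baseline from a known-good trace, flags windows that leave the expected band, and measures how far a workload must throttle to stay inside it. The trace, window size, threshold and the linear power-versus-rate model are all constructed assumptions.

```python
import statistics

# Constructed baseline: idle power samples in mW (not measurements from the paper).
CLEAN = [100.0, 102.0, 98.0, 101.0, 99.0] * 40
WINDOW = 10          # samples per sliding window (assumed)
K = 3.0              # alarm threshold in standard errors (assumed)
EXTRA_MW = 8.0       # assumed extra draw of the unwanted workload at full rate


def learn_baseline(trace):
    """Return (mean, per-window tolerance) learned from a known-good trace."""
    mean = statistics.fmean(trace)
    std = statistics.pstdev(trace)
    return mean, K * std / WINDOW ** 0.5


def first_alarm(trace, mean, tolerance):
    """Index of the first window whose mean leaves the band, or None."""
    for start in range(len(trace) - WINDOW + 1):
        window_mean = statistics.fmean(trace[start:start + WINDOW])
        if abs(window_mean - mean) > tolerance:
            return start
    return None


def with_workload(trace, rate, start=50):
    """Overlay a workload running at `rate` (0..1 of full speed) from `start` on."""
    return [p + EXTRA_MW * rate if i >= start else p for i, p in enumerate(trace)]


def max_undetected_rate(trace, mean, tolerance):
    """Highest rate, in 1% steps, that never raises an alarm."""
    best = 0.0
    for pct in range(0, 101):
        if first_alarm(with_workload(trace, pct / 100), mean, tolerance) is None:
            best = pct / 100
    return best


if __name__ == "__main__":
    mean, tol = learn_baseline(CLEAN)
    print("clean alarm:", first_alarm(CLEAN, mean, tol))
    print("full-rate alarm at window:", first_alarm(with_workload(CLEAN, 1.0), mean, tol))
    print("max undetected rate:", max_undetected_rate(CLEAN, mean, tol))
```

With these constructed values the workload stays undetected only at 16% of full rate or below; that figure follows from the assumed numbers and does not reproduce the 86 to 97 percent slowdown the researchers measured.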