
Memory Protection: Security Beyond the Endpoint

2025-01-18 Update. From: SLTechnology News&Howtos, Network Security

Shulou(Shulou.com)06/01 Report--

Attackers have many ways into an endpoint: social engineering, phishing, malware, zero-day exploits, malvertising, ransomware and, more recently, cryptojacking are just a few examples of the variety and complexity of attacker tactics. Yet however varied these attacks look on the surface, many of them share the same underlying characteristics and rely on a small set of recurring methods to compromise endpoints and data. Exploiting vulnerabilities, zero-day or not, is one of the most common entry routes. To some extent the methods used to break into systems are inherited from one generation of attacks to the next, partly because they stay effective regardless of the malware payload or the attacker's ultimate goal.

Memory tampering is a pain point

Memory tampering through zero-day or unpatched vulnerabilities is a weapon of choice because it bypasses traditional security controls and executes malicious code on the victim endpoint. Attackers have been delivering these exploits through compromised web pages and malicious ads, or through infected email attachments.

What is interesting about exploits is that, however complex or critical the underlying vulnerability seems, once they operate on application memory they use only a handful of memory tampering techniques. Unfortunately, traditional security solutions often lack the ability to protect the endpoint's memory space and focus on protecting files stored on disk.

This blind spot in traditional security solutions means attackers can reuse the same exploits over and over, delivering one payload after another until one of them slips past the product's inspection. Because payloads range from ransomware to keyloggers to cryptocurrency miners, memory tampering by exploit is particularly effective.

Worse, some attackers use exploit kits, collections of known exploits for popular software such as Java, Adobe Reader, browsers and operating systems, to probe endpoints automatically, find unpatched vulnerabilities and deliver malicious payloads. Although some once widely used exploit kits, such as Angler and Rig, have been disrupted, partly through law enforcement action, cybercriminals still rely on memory tampering exploits to do their work.

Memory protection

The obvious question is how to protect memory space from exploitation. One answer is a layered, next-generation endpoint security solution with anti-exploit capability. Attackers commonly use return-oriented programming (ROP): instead of injecting code, they overwrite saved return addresses on the stack with the addresses of short instruction sequences ("gadgets") that already exist in the process, chaining them to hijack control flow and execute the instructions they want. Anti-exploit technology monitors for ROP chains and other stack manipulation techniques common in exploits, such as stack pivoting, typically at the moment a sensitive API is called, and blocks execution when it finds them.
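One of the checks such an anti-exploit layer performs is the "call-preceded" test on the saved return addresses it finds on the stack. The following is an added example, not code from the article or from any product it describes: a small x86-64 text section, a benign call chain and a ROP chain are constructed for the demonstration, with byte offsets standing in for addresses.

```c
/* Added example, not code from the article or from any product it describes:
 * a simplified "call-preceded" return-address check, one of the heuristics
 * anti-exploit layers apply when a sensitive API is entered. A legitimate
 * return address sits immediately after a CALL instruction; the addresses
 * in a ROP chain usually do not. The text section, call sites and stacks
 * below are constructed for the demonstration; offsets stand in for
 * addresses. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed x86-64 code. Each "ret" can serve as the tail of a gadget. */
static const uint8_t text[] = {
    /* 0x00 */ 0x55,                               /* push rbp                        */
    /* 0x01 */ 0x48, 0x89, 0xe5,                   /* mov  rbp, rsp                   */
    /* 0x04 */ 0xe8, 0x02, 0x00, 0x00, 0x00,       /* call rel32   (returns to 0x09)  */
    /* 0x09 */ 0x5d,                               /* pop  rbp  <- gadget, call-preceded     */
    /* 0x0a */ 0xc3,                               /* ret                             */
    /* 0x0b */ 0xff, 0xd0,                         /* call rax     (returns to 0x0d)  */
    /* 0x0d */ 0x48, 0x31, 0xc0,                   /* xor  rax, rax                   */
    /* 0x10 */ 0xff, 0x15, 0x00, 0x00, 0x00, 0x00, /* call [rip+0] (returns to 0x16)  */
    /* 0x16 */ 0x5f,                               /* pop  rdi  <- gadget, call-preceded     */
    /* 0x17 */ 0xc3,                               /* ret                             */
    /* 0x18 */ 0x58,                               /* pop  rax  <- gadget, NOT call-preceded */
    /* 0x19 */ 0xc3,                               /* ret                             */
    /* 0x1a */ 0x5e,                               /* pop  rsi  <- gadget, NOT call-preceded */
    /* 0x1b */ 0xc3,                               /* ret                             */
};

/* Saved return addresses as they would be read off the stack at a
 * sensitive API call: a benign call chain and a constructed ROP chain. */
#define BENIGN_FRAMES 3
#define ROP_FRAMES    4
static const size_t benign_stack[BENIGN_FRAMES] = { 0x09, 0x0d, 0x16 };
static const size_t rop_stack[ROP_FRAMES]       = { 0x18, 0x1a, 0x09, 0x16 };

/* Returns 1 if the bytes just before `ret` encode one of the common CALL
 * forms: E8 rel32 (5 bytes), FF /2 with a register operand (FF D0..D7,
 * 2 bytes) or FF 15 disp32 (RIP-relative indirect call, 6 bytes). */
int is_call_preceded(const uint8_t *code, size_t len, size_t ret)
{
    if (ret > len)
        return 0;
    if (ret >= 5 && code[ret - 5] == 0xe8)
        return 1;
    if (ret >= 2 && code[ret - 2] == 0xff &&
        code[ret - 1] >= 0xd0 && code[ret - 1] <= 0xd7)
        return 1;
    if (ret >= 6 && code[ret - 6] == 0xff && code[ret - 5] == 0x15)
        return 1;
    return 0;
}

/* Walk the saved return addresses and count the frames that fail the
 * check; an anti-exploit layer would block the API call above a threshold. */
size_t count_suspicious_frames(const uint8_t *code, size_t len,
                               const size_t *stack, size_t frames)
{
    size_t bad = 0;
    for (size_t i = 0; i < frames; i++)
        if (!is_call_preceded(code, len, stack[i]))
            bad++;
    return bad;
}

int main(void)
{
    printf("benign stack: %zu suspicious frame(s)\n",
           count_suspicious_frames(text, sizeof text, benign_stack, BENIGN_FRAMES));
    printf("ROP chain:    %zu suspicious frame(s)\n",
           count_suspicious_frames(text, sizeof text, rop_stack, ROP_FRAMES));
    return 0;
}
```

The benign chain produces no suspicious frames, while the ROP chain produces two. Note that the gadgets at 0x09 and 0x16 pass the check because they happen to follow real call instructions; such call-preceded gadgets exist in real binaries, which is why products combine this heuristic with others (checking that the stack pointer still lies within the thread's stack bounds to catch pivots, inspecting the instructions at each return address, and, on CPUs that support it, hardware shadow stacks such as Intel CET) rather than relying on it alone.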

However, with the rollout of virtualization and cloud infrastructure, it is increasingly common for multiple guests, each a virtual machine with its own operating system, to share one physical host. Some technologies sit between the hardware and the guest operating systems, at the hypervisor level, and can protect the memory of every guest without a noticeable performance impact.

Memory introspection runs at the hypervisor level, entirely independent of the guest operating system, and is resistant to both known and unknown exploit-related memory tampering techniques. Because it is isolated from the guest, malware running inside the guest cannot disable or subvert it, however privileged that malware is, while the introspection engine retains full visibility into the memory of each virtual workload.

Hosted on a bare-metal hypervisor, memory introspection adds a layer of security to virtual infrastructure that stops attackers from exploiting zero-day or unpatched vulnerabilities. Unlike traditional approaches that focus on the attack payload, it focuses on the initial point of attack: the memory tampering itself.

For example, if an attacker exploits a zero-day vulnerability in Adobe Reader to drop a cryptocurrency miner, ransomware or a keylogger, memory introspection blocks the attempt to tamper with memory and gain code execution. The kill chain is broken before any payload is delivered or any damage is done to the infrastructure.
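To make the "outside the guest" part concrete, here is an added example of one check an introspection engine can run from the hypervisor; it is not code from the article or from any introspection product. The engine reads a code page out of guest memory, compares it with the known-good contents of that page (for instance from the on-disk image), and, if the first modified byte begins an E9 rel32 JMP (the classic inline hook), recovers where execution is being diverted. PAGE_SIZE, CODE_BASE, the page contents and the hook target are constructed assumptions for the demonstration.

```c
/* Added example, not code from the article or from any introspection
 * product: a minimal model of one check a hypervisor-level introspection
 * engine runs from outside the guest. It compares a guest code page byte
 * by byte with the known-good contents of the same page and, when the
 * first modified byte begins an E9 rel32 JMP (the classic inline hook),
 * recovers where execution is being diverted. PAGE_SIZE, CODE_BASE and
 * the page contents are constructed assumptions for the demonstration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64                      /* 4096 in reality, shrunk here          */
#define CODE_BASE 0xffff800000001000ULL   /* assumed guest address of the page     */

struct tamper_report {
    int      found;        /* 1 if any byte of the page differs                 */
    size_t   offset;       /* offset of the first modified byte                 */
    size_t   length;       /* span from the first to the last modified byte     */
    int      is_jmp_hook;  /* 1 if the patch begins with E9 rel32               */
    uint64_t hook_target;  /* absolute address the JMP lands on, if is_jmp_hook */
};

/* Known-good page contents. Only the function prologue is spelled out;
 * the remaining bytes stay zero. */
static const uint8_t clean_page[PAGE_SIZE] = {
    0x48, 0x89, 0x5c, 0x24, 0x08,   /* mov [rsp+8], rbx  */
    0x48, 0x89, 0x74, 0x24, 0x10,   /* mov [rsp+16], rsi */
    0x57,                           /* push rdi          */
    0x48, 0x83, 0xec, 0x20,         /* sub rsp, 0x20     */
};

/* The same page after an attacker installed an inline hook: the first five
 * bytes overwritten with "jmp rel32" whose target is assumed to lie
 * 0x1ff000 bytes above the page (rel32 = 0x1ff000 - 5 = 0x001feffb). */
const uint8_t *hooked_page(void)
{
    static uint8_t page[PAGE_SIZE];
    memcpy(page, clean_page, PAGE_SIZE);
    page[0] = 0xe9;
    page[1] = 0xfb; page[2] = 0xef; page[3] = 0x1f; page[4] = 0x00;
    return page;
}

/* Compare `live` (as read from guest memory) against `clean`. */
struct tamper_report check_code_page(const uint8_t *live, const uint8_t *clean,
                                     size_t len, uint64_t base)
{
    struct tamper_report r = {0, 0, 0, 0, 0};
    size_t first = len, last = 0;

    for (size_t i = 0; i < len; i++) {
        if (live[i] != clean[i]) {
            if (first == len)
                first = i;
            last = i;
        }
    }
    if (first == len)
        return r;                       /* page matches: nothing to report */

    r.found  = 1;
    r.offset = first;
    r.length = last - first + 1;

    /* Decode E9 rel32 explicitly as little-endian so the result does not
     * depend on host byte order; rel32 is relative to the end of the
     * 5-byte instruction. */
    if (live[first] == 0xe9 && first + 5 <= len) {
        uint32_t u = (uint32_t)live[first + 1]
                   | (uint32_t)live[first + 2] << 8
                   | (uint32_t)live[first + 3] << 16
                   | (uint32_t)live[first + 4] << 24;
        int32_t rel = (int32_t)u;
        r.is_jmp_hook = 1;
        r.hook_target = base + first + 5 + (uint64_t)(int64_t)rel;
    }
    return r;
}

int main(void)
{
    struct tamper_report r = check_code_page(hooked_page(), clean_page,
                                             PAGE_SIZE, CODE_BASE);
    if (!r.found) {
        puts("code page intact");
        return 0;
    }
    printf("code page modified at +0x%zx (%zu byte(s))\n", r.offset, r.length);
    if (r.is_jmp_hook)
        printf("inline hook: jmp to 0x%016llx\n", (unsigned long long)r.hook_target);
    return 0;
}
```

On the constructed page the check reports a five-byte modification at offset 0 that diverts execution to 0xffff800000200000. A real engine would not rely on periodic comparison alone: it marks the guest's kernel and driver code pages non-writable in the hypervisor's second-level page tables so the write itself traps, and it has to whitelist legitimate in-place modifications (the guest kernel's own hot-patching and relocation), which is where most of the engineering effort goes.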

Beyond endpoint security

Both virtual and physical endpoints continue to play a critical role in the enterprise, and security teams need to protect all of this infrastructure without compromising performance. Software-defined data centers, hyperconverged infrastructure and hybrid cloud environments have changed how, and at what scale, companies operate. Yet security is still focused on physical endpoints, even as virtual ones such as virtual desktop infrastructure (VDI) and virtual private servers (VPS) become the norm.

Advanced threats exploit security blind spots, so security solutions need to be re-architected for the infrastructure, performance and scalability requirements of the modern enterprise. Security controls both inside and outside the operating system should sit as close to the hypervisor as possible, to stop the memory tampering techniques used to deliver advanced persistent threats and commodity threats such as cryptocurrency miners and ransomware, and so avoid financial and reputational loss.

This article is reproduced from "Safe Cattle" by Nana
