Saturday, May 17, 2025


DIGITAL LIFE


Expert warns of the emergence of processor-level ransomware capable of bypassing most detection tools

Ransomware attacks can have devastating consequences for businesses and victims, locking out their equipment and data if a ransom is not paid. But we may be entering a new era where these types of attacks are carried out on hardware, namely processors, bypassing most traditional monitoring systems.

The proof of concept was presented by Rapid7 cybersecurity expert Christiaan Beek, who warns of threats that can lock systems until the ransom is paid. In an interview with The Register, he said the idea came from a bug he found in AMD Zen chips that, if exploited by highly skilled hackers, could allow attackers to load unauthorized microcode directly onto processors, breaking hardware-level encryption and modifying the behavior of the CPU.

The problem is that, as a rule, only chip manufacturers can patch their processors’ microcode, which they do to improve performance or fix problems. The cybersecurity expert points out that it is difficult for an outside hacker to figure out how to rewrite the microcode, but not impossible, at least in the case of the AMD bug. He notes that Google has demonstrated that it could inject microcode to make the chip always choose the number 4 when asked for a random digit.
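One cheap defensive check that follows from this paragraph is to watch the microcode revision the operating system reports per logical CPU: on Linux x86 each processor block in /proc/cpuinfo carries a "microcode" field, and a revision that differs between cores or falls below the value recorded at provisioning is worth an alert. The script below is an added example, not code from the article or from Rapid7; the sample /proc/cpuinfo text and the baseline revision are constructed placeholders, not real AMD revision numbers.

```python
"""Microcode revision consistency check (added example, not from the article).

Parses /proc/cpuinfo-style text (Linux x86 exposes a 'microcode' field per
logical CPU) and flags processors whose loaded microcode revision differs
from the majority, is missing, or falls below a baseline recorded by the
operator. Software running above the CPU cannot inspect microcode directly,
so this kind of side-effect drift is one of the few signals it has.
"""
import re
from collections import Counter

# Constructed sample: four logical CPUs, cpu3 reports an unexpected revision.
# Revision values are placeholders, not real AMD microcode versions.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Placeholder Zen CPU
microcode\t: 0x00ab0010

processor\t: 1
vendor_id\t: AuthenticAMD
model name\t: Placeholder Zen CPU
microcode\t: 0x00ab0010

processor\t: 2
vendor_id\t: AuthenticAMD
model name\t: Placeholder Zen CPU
microcode\t: 0x00ab0010

processor\t: 3
vendor_id\t: AuthenticAMD
model name\t: Placeholder Zen CPU
microcode\t: 0x00ab0001
"""

# Assumed baseline: the revision recorded when the host was provisioned.
BASELINE = 0x00ab0010

FIELD_RE = re.compile(r"^(processor|microcode|vendor_id|model name)\s*:\s*(.*)$")


def parse_cpuinfo(text):
    """Return one dict per logical processor block found in the text."""
    cpus = []
    cur = None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "processor":
            cur = {"processor": int(val)}
            cpus.append(cur)
        elif cur is not None:
            cur[key] = val
    return cpus


def check_microcode(cpus, baseline):
    """Return (majority_revision, findings).

    A CPU without a microcode field (common inside some VMs) is reported
    rather than silently treated as revision zero.
    """
    revs = []
    for c in cpus:
        field = c.get("microcode")
        revs.append(int(field, 16) if field else None)
    known = [r for r in revs if r is not None]
    majority = Counter(known).most_common(1)[0][0] if known else None
    findings = []
    for c, rev in zip(cpus, revs):
        cpu = f"cpu{c['processor']}"
        if rev is None:
            findings.append(f"{cpu}: no microcode field reported")
            continue
        if rev != majority:
            findings.append(f"{cpu}: revision {rev:#x} differs from majority {majority:#x}")
        if rev < baseline:
            findings.append(f"{cpu}: revision {rev:#x} below baseline {baseline:#x}")
    return majority, findings


def check_live(baseline=BASELINE, path="/proc/cpuinfo"):
    """Run the check against the running host (Linux only)."""
    with open(path, encoding="utf-8") as fh:
        return check_microcode(parse_cpuinfo(fh.read()), baseline)


if __name__ == "__main__":
    majority, findings = check_microcode(parse_cpuinfo(SAMPLE_CPUINFO), BASELINE)
    print(f"majority microcode revision: {majority:#x}")
    for line in findings:
        print("ALERT", line)
```

Run it as-is to see the constructed outlier flagged; call check_live() on a real Linux host with the baseline you recorded at deployment. The check is deliberately narrow: it notices a revision that the kernel reports differently, not a tampered microcode that keeps its advertised revision, so treat it as one signal alongside firmware and boot attestation rather than as proof of a clean CPU.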

Christiaan Beek says he followed up on that and wrote code that serves as a proof of concept for ransomware that attacks the CPU, in order to warn of future threats, although he says he will not publish or disclose it. In the wrong hands, this code could bypass any available detection technology.

This isn’t the first time there have been warnings that hackers are targeting hardware with tools. In November 2024, ESET warned about the first UEFI bootkit for Linux (https://www.theregister.com/2024/11/27/firstever_uefi_bootkit_for_linux/), but reports date back to 2018. These malicious tools can inject malware directly into the firmware of hardware components and so survive a system reboot.

The expert criticizes the technology industry for focusing on AI and AI agents while, in his view, the foundations have not yet been fixed. He says he sees more and more cases of vulnerabilities that lead to ransomware, whether weak passwords, failure to enable multifactor authentication, or poorly chosen passwords. With that in mind, he warns the industry about the time and money invested in innovation but not in so-called “cyber hygiene”.

mundophone
