Ransomware has been a growing threat for a while now, but 2021 seems to truly be the year of these evolving attacks. A new report from SonicWall reveals a 148% rise in ransomware attacks compared to 2020, and predicts that there will be over 700 million total ransomware attacks this year by the time 2021 is over. As both the threat of ransomware attacks and the consequences of being a victim continue to escalate, we need a new and better approach to defending against them.
This year’s uptick in ransomware attacks has left businesses, vendors, and government entities alike scrambling to uncover the best method to combat cyber invasions. Major tech companies like Acer and Apple have been hit. Ransomware attacks like those on Colonial Pipeline and JBS had a significant impact on US critical infrastructure and the economy. Hospitals that are struggling to address the continuing COVID-19 pandemic are under siege from ransomware attacks. The list goes on and it doesn’t show any sign of slowing down.
As these attacks become more sophisticated, the methods and technology we use to mitigate threats should as well — right? That’s a rhetorical question, because the alternative is to concede the advantage to attackers and basically surrender. Nobody wants to do that.
The real question is, “How?” How can we improve our method and technology to do a better job of defending against advanced threats? The answer lies in hardware-based security.
To get ahead of ransomware threats, businesses must go back to basics by re-evaluating the security hardware they are using. Technologies like cryptography and machine learning—both valuable for security—can be accelerated at the hardware level, enabling the software running on that hardware to identify threats faster and more accurately.
Businesses typically rely on software-based security—like endpoint protection, or intrusion detection solutions. There has also been progress in improving security at the operating system level—using virtualized containers to isolate code and verify the integrity of the applications and data that run in them. The problem with software-based security, though, is that it can be subverted or compromised.
Attackers are increasingly looking to insert exploit code at the firmware level. There are ways to get ahead of this. Intel, for example, verifies the integrity of the supply chain and the authenticity of the firmware to ensure it has not been tampered with.
That is just one element of a comprehensive, multi-faceted approach, though. Effective security and maintaining device integrity involve every component from the chip to the software. There is a wide array of security solutions that can be broadly grouped into three categories:
- Foundational Security: These solutions are focused on identity and integrity, with the goal of ensuring that the platform comes up correctly and runs as expected.
- Workload and Data Protection: Providing a trusted execution environment for hardware-isolated protection of data in use. These tools help extend the security foundation to help protect virtual machines and operating systems against targeted attacks.
- Software Reliability: Moving select security capabilities to hardware to add more layers of verification and harden protection. These can help round out the effort to elevate security through hardware.
Hardware-Based Ransomware Defense
All of these hardware-based security technologies are great, but will they help defend against ransomware? They all contribute to making devices more secure in general, but one technology in particular stands out in the battle against ransomware: Intel Threat Detection Technology (Intel TDT).
I wrote previously about Intel TDT and how it integrates with security software to improve capacity and performance and increase the efficacy of threat detection without requiring additional deployment or configuration. Technology like this is able to help combat the threat of ransomware through the following capabilities:
- CPU threat detection. Equips endpoint detection and response (EDR) software to go beyond signature and file-based techniques with CPU malware behavior monitoring.
- Full-stack visibility. Closes blind spots and distinguishes legitimate data encryption activity from ransomware, which often avoids detection in memory and hides in virtual machines.
- Artificial intelligence (AI). Offloads the processing burden of performance-intensive AI algorithms to the Intel integrated graphics controller to accelerate processing and enhance the capacity to analyze data and conduct scans.
- Hardware Shield. Hardware-based security features provide a more secure foundation with protection against attacks that occur below the operating system.
Earlier this year, Cybereason, a leader in protecting customers against ransomware, partnered with Intel to incorporate Intel TDT to stop ransomware attacks that bypass traditional security tools. This collaboration leverages PC hardware to play a direct role in improving the ability to detect and stop ransomware attacks.
It Takes a Village
As long as ransomware remains both effective and lucrative, we can expect the threat to grow. Threat actors continue to adapt and innovate—always looking for creative ways to subvert or circumvent security and compromise devices, so organizations must also employ more sophisticated technologies to defend against them.
Hardware alone is not the answer to ending ransomware—but neither is software alone. With the right combination, though, we can leverage hardware-based security to accelerate and augment software-based security solutions to do a better job defending against ransomware.