July 2, 2019
Rowhammers And RAMBleeds – Evolving Data Threats

In the good old days, data on hard disks and live “volatile” memory were the targets of bad actors. Any usable data that people would pay to get back, and any secret information typed in while the computer was running, such as passwords and special access characters, were the golden ticket to the nirvana or treasures in an organization’s digital chest.

Now, bad actors have gone a step further, manipulating previously technically sound but limited exploits known as Rowhammers to access information stored on memory chips. The advantage, unlike volatile memory, is that this type of data remains even when the machine is rebooted, so access at this level can expose the types of data that were previously assumed to be fully protected.

The new RAMBleed methodology that is making news is both interesting and a little shocking. The concept of flipping bits and analyzing the patterns to extract specific code variables is quite unique. It is important to note that while a recent report released by the University of Michigan, Graz University of Technology, the University of Adelaide and Data61 did provide important details on the process, it did not fully evaluate the impact of this type of attack on a production server. The amount of time and computer resources required to successfully extract and evaluate usable, exploitable data at this point in time would make this type of incident non-viable for most bad actor groups.

What does this mean to you? The most important element presented by these dedicated universities is that all organizations need to change the way they think about vulnerabilities. Technology is ever-changing, and exploits are now being attempted in new and previously unavailable areas of systems. Organizations need to be more vigilant in observing system performance degradations, memory leaks and any other unusual patterns that make your Spockian eyebrow go up!

What can you do?

  • First, get on the wire. Join the CBI alerts, as well as several other well-respected networks, to keep up to date with the evolution of Rowhammer and its offshoots. Understanding what is new in bad actor methodologies can help you enhance your monitoring, equipment designs and overall cybersecurity posture.
  • Next, review your access management status. All of the attack vectors require access. Organizations should be consistently validating access points including but not limited to Linux, Unix (SSH) and Windows RDP for vulnerabilities.
  • Finally, enlist some backup. Utilizing an outside, independent cybersecurity partner like CBI to provide defensible Penetration Testing, Cyber Readiness Assessment and Forensic investigations could be a company’s best defense in the ever-changing world of cyber incidents.
About the Author
CBI, A Converge Company
CBI Cybersecurity
CBI, A Converge Company, is a leading cybersecurity advisor to many of the world’s top tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.