Cybersecurity Threat Advisory: North Korean Trojan: KEYMARBLE

What is the Issue?

A group of security researchers has discovered a new variant of the Spectre attack that allows attackers to steal critical information from targets via network connections. Dubbed ‘NetSpectre’, the new attack improves upon its predecessor in a number of ways. Attackers can now remotely infiltrate into a target’s network and exploit existing Spectre vulnerabilities to steal important data.

Why is this noteworthy?

This is an evolution of the previously discovered Spectre v1. flaw, which required the targeted user to unknowingly open and download malicious code or access a site loaded with malicious payloads. NetSpectre bypasses the social engineering threshold and directly attacks devices via network connections. NetSpectre bombards the target network’s ports until a connection is established. From there, sensitive data can be stolen from devices linked to the breached network.

What is the exposure or risk?

All processors, Intel, AMD, and ARM chips are vulnerable to Spectre v1, are also vulnerable to NetSpectre. Exfiltration speeds however remain relatively low, making this attack vector unattractive to cyber criminals, but this is expected to change as NetSpectre evolves. Currently, data leakage speeds are quite slow, ranging from 15, to a high of 60, bits per hour. Like its predecessor, NetSpectre allows attackers to extract sensitive data from a target. Passwords and cryptographic keys are especially vulnerable can be remotely stolen from a system.

What are the recommendations?

SKOUT recommends all users update their machines to the Spectre v1 vulnerability (CVE-2017-5753) if they have not done so already. Intel has officially stated that all previous Spectre remediation’s include the NetSpectre variant as well.

References:

If you have any questions, please contact our Security Intelligence Center.

Categories

Tags

Archives