What are some of the attacks that can happen on below-kernel components in endpoints?
27 August 2020

Cybersecurity below the kernel

Written by Seqrite
Endpoint Security, Endpoint Security Cloud, Enterprise Security

Security of a computing endpoint is traditionally viewed in terms of firewalls, HIPS, AV products, etc. This perspective, though, misses the “Below Kernel” aspects of cyber threats, which may target the hypervisor, the firmware or the hardware itself. Here are some attacks that target “Below Kernel” components:

DMA attack -> Here the attacker gets into the system through Direct Memory Access capable ports. This is a physical attack in which a customized PCI, USB or FireWire device can be used to gain access to the whole of physical memory. The attacker can then get access to encryption keys and, in turn, compromise the firmware or hardware. The attacker may even alter OS behaviour by modifying page properties!

MBR Rootkits -> On systems where the OS is loaded through the MBR (Master Boot Record), attackers have been known to compromise the MBR and execute arbitrary code at system start. With this mechanism, they can remain hidden from security solutions. In some cases, attackers have also compromised the Volume Boot Record (VBR) and performed rootkit injection. Some ransomware has also used this technique to encrypt the machine.
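A defender can spot this kind of change by comparing the boot sector against a known-good baseline. The sketch below is an added example, not code from Seqrite: the function names and the sample sector are constructed for illustration, and on a real system the 512 bytes would be read from the start of the disk with administrative rights.

```python
import hashlib
import struct

CODE_LEN = 440            # bytes 0-439: bootstrap code run at system start
TABLE_OFF = 446           # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte MBR: boot-code hash, partition table, signature."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE_OFF + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append((i, status == 0x80, ptype, lba, count))
    return {
        "signature_ok": sector[510:] == SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def make_sample_mbr(code: bytes) -> bytes:
    """Constructed sample sector: filler code plus one active type-0x07 entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    return code.ljust(CODE_LEN, b"\0") + b"\0" * 6 + entry + b"\0" * 48 + SIGNATURE


baseline = parse_mbr(make_sample_mbr(b"KNOWN-GOOD-FILLER"))  # constructed baseline
changed = make_sample_mbr(b"DIFFERENT-FILLER")               # constructed modified sector
print(compare_to_baseline(changed, baseline))
```

Because a boot-level rootkit can hide from tools running on the infected system, the comparison is most trustworthy when the sector is read from outside the running OS, for example from rescue media.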

UEFI rootkits -> In the recent past, researchers have proven that UEFI rootkits are possible: the firmware can be compromised and infected during a BIOS update. UEFI Secure Boot can be bypassed by fake signing and modification of the UEFI key table.

As you can see, the “Below Kernel” landscape provides a malicious actor with numerous opportunities to attack a system. To protect against such attacks, Intel and AMD have equipped their processors with several built-in security features. An example is the Trusted Platform Module, which provides hardware-based, security-related functions. A TPM chip is a secure crypto-processor designed to carry out cryptographic operations. Recent platforms use this chip for Secure Boot.

Intel processors have SGX (Software Guard Extensions) enabled, which can be used to define private regions of physical memory, thereby controlling access to the data in memory. AMD processors come with a feature known as SME (Secure Memory Encryption), which encrypts the contents of physical memory. Both manufacturers have also introduced AES-NI (AES New Instructions) in their processors. This feature enables processors to run AES encryption.

To read more on Security and Below Kernel architecture, go through the whitepaper CyberSecurity Below the Kernel.
