11th Generation of Intel Core vPro Business-Class Processors
Intel and Cybereason have combined their efforts to add anti-ransomware defenses to the 11th generation of Intel Core vPro business-class processors. The enhancement is hardware-based and is embedded into Intel’s vPro platform through its Hardware Shield and Threat Detection Technology.
It will help profile and detect ransomware and other malware threats affecting the CPU performance of targeted systems. This improvement is “the first instance where PC hardware plays a direct role in ransomware defenses,” Cybereason explained in their announcement.
CPU-Based Threat Detection against Ransomware
“This collaboration with Intel to add CPU based threat detection bolsters our long history and industry-leading capabilities in detecting and eradicating ransomware,” shared Lior Div, CEO, and Co-Founder at Cybereason.
The joint effort also caters to another intelligence source for ransomware detection through the integration of Intel TDT capabilities into the Cybereason Defense Platform. “The raw data that Intel TDT analyses for detection purposes is unique and valuable,” Intel explains. The data helps identify polymorphic malware, file scripts, crypto mining, and other cyberattacks. The detection happens in real-time and with minimal impact on the end-user.
The CPU threat detection approach will enable “enterprise customers to go beyond signature and file-based techniques by leveraging CPU-based behavioral prevention of ransomware.” Because it averts detection in memory, the novel approach “eliminates blind spots.”
In conclusion, “Cybereason’s multi-layered protection, in collaboration with Intel Threat Detection Technology, will enable full-stack visibility to swiftly detect and block ransomware attacks before the data can be encrypted or exfiltrated.”
Ransomware continues to be a top threat for organizations and enterprises. One of the latest such attacks against Apex Laboratory, known for providing medical testing for individuals, doctors, and facilities in New York City, Long Island, and South Florida, led to sensitive patient data leaking.
In the meantime, ransomware operators also don’t waste time and improve their methods. In December 2020, Sophos security researchers released new information regarding the SystemBC tool used in multiple ransomware attacks. The tool mainly used as a proxy and a RAT in the past can now use the Tor network to encrypt and hide its command-and-control traffic destination. It is noteworthy that Ryuk and Egregor ransomware families utilized the tool in combination with post-exploitation tools like Cobalt Strike.