Security researchers demonstrated an attack that combines memory deduplication and Rowhammer exploits in a proof...
It is more likely for a targeted attack to exploit a low risk vulnerability than for a worm to do so. Most, if not all, vulnerabilities that can be used by a worm would be classified as high risk through basic vulnerability analysis. Enterprises shouldn't completely ignore low risk vulnerabilities, but should focus their resources based on the overall impact of a security incident, or the results of an audit or assessment. In a targeted attack, a skilled attacker can chain different vulnerabilities together to gain access to an individual system and then use that access to attack the rest of the network.
This proof-of-concept attack that combines memory deduplication and a Rowhammer exploit is of low risk. It is very unlikely a Rowhammer-based exploit will be used in a worm, but a Rowhammer and Microsoft Edge attack could be used to capture a targeted password and then used to further attack an enterprise. Researchers from Vrije Universiteit Amsterdam in the Netherlands outlined the specific scenario necessary to extract a password from a targeted system.
For enterprises that have performed a risk assessment and identify this attack as high enough risk to mitigate, there are few steps they can take to limit the impact of an attack using Rowhammer. The most important step is to not browse untrusted websites from servers that could be targeted, but this doesn't protect virtual systems or terminal servers using vulnerable DDR3 or DDR4 memory. The researchers are working with Microsoft to devise a mitigation for this attack.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out how to mitigate bit flipping caused by Rowhammer attacks
Learn if the Rowhammer exploit marks a rise in hardware vulnerabilities
Read about the problems branded vulnerability marketing creates
Dig Deeper on Web browser security
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.