Malware, malicious software in the form of executable code, scripts or active content that is designed to cause intentional damage to a computer, server or computer network, has been around for years. However, a new breed of ‘invisible malware’ is getting a head start over firewalls and security software and seemingly winning the cyber-supremacy race. What makes invisible malware so dangerous is that in most cases, you may not even know that it is there. This makes it impossible for current security software to even catch it, much less remove it.
When it affects your system, invisible malware may accompany ‘Blue Pill’ malware. The latter is a form of virtual rootkit that loads itself into a Virtual Machine (VM) and then the operating system. Because virtual rootkits load before the operating system, they create a VM for the malware. This lets the virtual rootkit fake a shutdown and restart while the malware keeps running, ultimately making it impossible for your antivirus – which is running on your OS – to detect or address it.
Where does invisible malware ‘live’?
Sometimes, invisible malware resides only in memory. This means that there is no file for your legacy endpoint protection software to find. Since this ‘file-less’ malware leaves no trace behind, it cannot even be detected.
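Because there is no file to scan in this case, a check has to look at process memory instead. The sketch below is an added example, not part of the original article: it assumes a Linux host and parses the text of `/proc/<pid>/maps`, flagging executable regions that have no file on disk behind them. The sample lines, paths and function name are constructed for illustration.

```python
import re

# One /proc/<pid>/maps line: range, perms, offset, device, inode, optional path
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)
# Kernel-provided mappings that are executable by design
BENIGN_PSEUDO = {"[vdso]", "[vsyscall]", "[uprobes]"}

def suspicious_mappings(maps_text):
    """Return (start, perms, reason) for executable regions with no file on disk."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m["perms"]:
            continue  # not a maps line, or not executable
        path = m["path"].strip()
        if path in BENIGN_PSEUDO:
            continue
        if path == "":
            reason = "anonymous executable memory"
        elif path.startswith("/memfd:"):
            reason = "code mapped from an in-memory file (memfd)"
        elif path.endswith(" (deleted)"):
            reason = "backing file deleted from disk"
        elif path in ("[heap]", "[stack]"):
            reason = "executable heap or stack"
        else:
            continue  # ordinary file-backed code, visible to file scanners
        if "w" in m["perms"]:
            reason += ", writable"
        findings.append((m["start"], m["perms"], reason))
    return findings

# Constructed sample, shaped like real /proc/<pid>/maps output
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r-xp 00001000 08:01 1312345      /usr/bin/example
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a20000000-7f3a20004000 r-xp 00000000 00:01 20481        /memfd:payload (deleted)
7f3a30000000-7f3a30010000 r-xp 00000000 08:01 1319999      /tmp/.x (deleted)
7ffd5e1f0000-7ffd5e1f2000 r-xp 00000000 00:00 0            [vdso]
7ffd5e100000-7ffd5e121000 rw-p 00000000 00:00 0            [stack]
"""

if __name__ == "__main__":
    for start, perms, reason in suspicious_mappings(SAMPLE_MAPS):
        print(f"{start} {perms}: {reason}")
```

Hits from a check like this are leads rather than verdicts: JIT runtimes such as browsers and language VMs legitimately create anonymous executable memory, so findings need to be weighed against what the process is expected to do.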
It may also enter your Basic Input/Output System (BIOS) from where it can infect and attack your entire system without detection.
Occasionally, invisible malware may disguise itself as a firmware update and replace your existing firmware with an infected version.
What is being done to deal with invisible malware?
Stealth attacks like invisible malware need strong responses. Therefore, high-profile computer manufacturers are taking steps to prepare for and prevent such occurrences.
A joint project between Intel, the chip manufacturer, and Lockheed Martin, an aerospace and defence company, has created a new line of processors designed to prevent malware infections. Known as ‘Intel Select Solution for Hardened Security’, these processors isolate and protect critical resources to minimise the effect of malware infections.
Concurrently, Intel is also working on a series of preventative hardware measures called ‘Hardware Shield’ that lock down the BIOS to fend off attacks.
But is this enough?
The jury’s out on this question.
Most security analysts and experts believe that in the current scenario, where malware ‘kits’ are getting easier to access and execute, the only way to deal with invisible malware is to move critical processes and data to the cloud (with protected processors). ‘Transferring’ the risk might enable users to better protect themselves against this type of hardware attack.
For this post, we would like to thank The Times of India (Mumbai edition) and their article Unseen forces can against your PC, published on 19th May 2019.