“Whaaaaat?”, you must be asking yourself as you read the title. Hopefully, it’ll suck you in to read the article.
Darwin proposed several mechanisms to explain the diversity of life as he observed it, and on his travels he sought the evidence for them. Had he and Mendel been contemporaneous… well. He proposed “Descent with Modification” and its main causative mechanism, “Natural Selection” (NS). Well, Darwin came before antibiotics, antivirals and Windows 8.
Parallel to “Natural Selection” is “Artificial Selection” (AS, to save me typing) which is employed by man to shape everything from bacteria to offspring. NS (consumer selection of software) and AS (targeting software vulnerabilities by hackers) go on in the world of computers.
Windows 8 has been created by MS to improve the OS and to improve kernel security (among other stuff like making money).
Will it do that? One only has to look to Darwin and Murphy for the answer. I deliberately mentioned antibiotics. They exert a pressure against germs (wide spectrum, against many types and narrow spectrum, against a few). Germs respond by dying, and when the drug level is inadequate to kill (dosage, frequency and duration) they are given time to find any ‘work arounds’ they have up their sleeves, or to communicate with those which have and incorporate those mechanisms.
- Because of the "Struggle for Existence", few offspring survive to reproduce
- Any heritable variation that improves an individual's ability to survive and reproduce (i.e., its "Fitness") will tend to be passed on to the next generation: "Natural Selection"
Murphy’s Law: “That which can go wrong, will.”
By improving kernel security, MS has exerted tremendous pressure against ordinary malware (not phishing, vishing, etc.). So?
So, McAfee Labs has predicted a paradigm shift in OS attacks against Windows 8, but this shift will “evolve and differentiate” to encompass other OS’s.
“In the coming year as developers and researchers develop new methods for rooting phones, we will see malware authors adapting the lessons of PC malware development to undertake attacks that leverage the mobile hardware layer to a greater extent. PC-based malware is increasingly moving further “down” the operating system (OS) to take greater advantage of hardware; we expect mobile malware to follow the same direction.” – McAfee Labs, per Neowin.net
Let’s break that down: According to John Callaham at Neowin.net, McAfee is predicting that Rootkits and Bootkits will be the new areas of attack in 2012. McAfee’s full report is really worth reading.
“Information security always involves give and take, with equal amounts of measures and countermeasures thrown in. The attackers write malicious code; we counter it. Operating system vendors bake security into the core of the OS; attackers find a way to circumvent. This is a natural part of the dynamic threat landscape and will never go away. But will advances by the information security industry and operating system vendors drive malware writers outside the OS to directly attack hardware?
Recent versions of Windows have included data-execution protection as well as address-space layout and randomization. These security methods make it harder for attackers to compromise a victim’s machine. Encryption technologies have also boosted OS protection in recent years. As with most internal OS security measures, attackers very quickly found ways to evade them. With the upcoming release of Windows 8, Microsoft will include many new security features: secure password storage, secure boot functions, antimalware defenses, and even enhanced reputation capabilities. Where will this new security architecture drive attackers?
The answer is “down and out”: down into hardware and out of the operating system.
During the last several years McAfee Labs has seen great advances from attackers and malware writers in both rootkits and bootkits. Rootkits are used to subvert both the operating system and security software, while bootkits attack encryption and can replace legitimate boot loaders. These are advanced techniques to intercept encryption keys and passwords, and even subvert driver-signing defenses employed by some OS’s.
Attacking hardware and firmware is not easy, but success there would allow attackers to create resistant malware “images” in network cards, hard drives, and even system BIOS. We expect to see more effort put into hardware and firmware exploits and their related real-world attacks throughout 2012 and beyond.” – McAfee Labs
Remember that backdoor way of attack via printers I wrote about here:
http://drjbhl.joeuser.com/article/413881/Are_Millions_of_Printers_and_other_devices_Open_to_Hacking
Not so “far fetched” anymore… now think video cards, and the host of unprotected “smart devices” you have which all communicate with each other.
By the way, HP has “fixed” that printer software update vulnerability. Until the next one is found. Not bad mouthing HP. At least they fixed a problem. How many firms are acting proactively, though?
Rest in peace, Darwin and Murphy: Deus and machina continue to prove your observations.
Sources:
http://www.neowin.net/news/mcafee-labs-predicts-windows-8-attack-threats-for-2012
http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf