You Think Ransomware is Bad Now? Wait Until It Infects CPUs

by hubie from SoylentNews (#6X94S)

An Anonymous Coward writes:

Rapid7 threat hunter wrote a PoC. No, he's not releasing it.

RSAC - If Rapid7's Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he'd innovate: CPU ransomware.

The senior director of threat analytics for the cybersecurity company got the idea from a bad bug in AMD Zen chips that, if exploited by highly skilled attackers, would allow those intruders to load unapproved microcode into the processors, breaking encryption at the hardware level and modifying CPU behavior at will.

Typically, only chip manufacturers can provide the correct microcode for their CPUs, which they might do to improve performance or fix holes. While it's difficult for outsiders to figure out how to write new microcode, it's not impossible - in the case of the AMD bug, Google demonstrated it could inject microcode to make the chip always choose the number 4 when asked for a random number.

"Coming from a background in firmware security, I was like, woah, I think I can write some CPU ransomware," Beek told The Register.

Spoiler alert: Beek followed through and wrote proof-of-concept code for ransomware that hides in the computer's processor. "Of course, we won't release that, but it's fascinating, right?"

This, according to Beek, is the worst-case scenario. "Ransomware at the CPU level, microcode alteration, and if you are in the CPU or the firmware, you will bypass every freaking traditional technology we have out there."
