Server-Based Attacks
As the threat landscape expands, the significant sources of initial compromise are no longer limited to the traditional vectors. A majority of enterprises name cloud security as one of their top concerns and as the area in which they believe they are most exposed to a serious breach.
Attackers keep finding new and more creative ways to infiltrate servers, processors and the memory attached to them, which makes risk mitigation considerably harder for enterprises. In many recent cases, supply chain attacks among them, the attackers keep their malware footprint deliberately small, preferring to steal credentials and reuse them for lateral movement through the network, establishing remote access that looks legitimate to the defender.
This is a recurring pattern; in one incident at an American software enterprise, a backdoor was used to deliver a lightweight, previously unseen malware dropper. Such droppers load themselves directly into memory and leave no traces on disk, so disk-based antivirus and forensic tooling have very little to find.
To avoid detection, attackers also use temporary file replacement to execute their tools remotely: a legitimate utility on the target system is overwritten with a malicious one, the malicious copy is executed, and the legitimate file is then put back. Because the original content is restored, a file integrity check run after the fact will see a hash that matches the baseline; catching this requires either observing the system during the short window of execution (process and execution telemetry) or comparing file metadata that a restore does not put back, such as the inode number and the inode change time.
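The following is an added example, not code from the original article: it simulates the swap-and-restore sequence described above against a constructed stand-in for a system utility (a small shell script in a temporary directory; nothing is executed) and then runs two integrity checks over it. The first compares content hashes only and reports nothing, because the legitimate content has been restored; the second also compares the inode number and ctime recorded at baseline and flags the file. It assumes a POSIX filesystem with per-inode ctime (Linux), and the file names and the two checker functions are this example's own.

```python
import hashlib
import os
import shutil
import tempfile
import time

LEGIT = b"#!/bin/sh\necho legitimate utility\n"    # constructed stand-in for a system binary
MALICIOUS = b"#!/bin/sh\necho attacker tool\n"      # constructed stand-in for the swapped-in tool


def sha256_of(path):
    """Hash a file's contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(paths):
    """Record content hash plus inode number and ctime for each monitored file.

    ctime (inode change time) cannot be set from user space with utime(), so
    unlike mtime it is not carried over by copy tools that 'preserve timestamps'.
    """
    out = {}
    for p in paths:
        st = os.stat(p)
        out[p] = {"sha256": sha256_of(p), "inode": st.st_ino, "ctime_ns": st.st_ctime_ns}
    return out


def check_hash_only(paths, base):
    """Naive integrity check: content hash against baseline only."""
    return [p for p in paths if sha256_of(p) != base[p]["sha256"]]


def check_with_metadata(paths, base):
    """Integrity check that also notices a swap-and-restore."""
    findings = []
    for p in paths:
        st = os.stat(p)
        b = base[p]
        if sha256_of(p) != b["sha256"]:
            findings.append((p, "content differs from baseline"))
        elif st.st_ino != b["inode"] or st.st_ctime_ns != b["ctime_ns"]:
            findings.append((p, "content matches but inode/ctime changed: possible swap-and-restore"))
    return findings


def simulate_swap_and_restore(util):
    """Constructed attacker sequence: save the legitimate file, rename a
    malicious one over it, 'execute', then rename the saved copy back."""
    backup = util + ".bak"
    staged = util + ".tmp"
    shutil.copy2(util, backup)        # copy2 preserves mtime, but the copy is a new inode with a new ctime
    with open(staged, "wb") as f:
        f.write(MALICIOUS)
    os.replace(staged, util)          # atomic swap-in of the attacker's tool
    # ... the attacker would run the utility here ...
    os.replace(backup, util)          # restore: legitimate content and mtime are back, inode/ctime are not


def demo():
    """Run the sequence against a constructed monitored file and return the
    result of both checks so the difference is visible."""
    with tempfile.TemporaryDirectory() as d:
        util = os.path.join(d, "netstat")
        with open(util, "wb") as f:
            f.write(LEGIT)
        base = baseline([util])
        time.sleep(0.05)              # attacker dwell time; lets the clock tick past the baseline ctime
        simulate_swap_and_restore(util)
        return check_hash_only([util], base), check_with_metadata([util], base)


if __name__ == "__main__":
    naive, meta = demo()
    print("hash-only check:", naive or "nothing found")
    print("metadata check:", meta or "nothing found")
```

The metadata check is not a substitute for execution telemetry: an attacker who overwrites the file in place rather than renaming over it keeps the inode, and ctime alone only tells you that something touched the inode after the baseline. It does, however, turn a restore that a hash-only monitor would accept into a finding worth triaging.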
Data-intensive industries, primarily healthcare and BFSI, have been prime targets of server-based attacks because they store and process large volumes of sensitive data: personal health information, financial data and account information. That data is highly valuable to attackers, who can use it for identity theft, fraud and blackmail.
Malware often persists on an enterprise network as part of a rootkit and exfiltrates data continuously. Rootkits that subvert the kernel or firmware are hard to detect and remove from within the running system, because the tools used to look for them depend on the very components the rootkit controls; traditional antivirus, antispyware and internet security suites frequently miss them. This is why enterprises must protect themselves at the root, at the firmware, boot and hardware level, rather than only in software running on top.
Nowadays it is common practice to encrypt data in storage ("at rest") and while it traverses the network ("in transit"), but not while it is actively being processed in memory ("in use"). Because existing controls concentrate on those first two states, attackers have moved toward vectors that target data in use, including memory scraping and CPU side-channel attacks.
Enterprises that handle sensitive data, such as PII, financial or health information, are increasingly aware of this exposure. Industry bodies and corporates have responded by forming the Confidential Computing Consortium (CCC), which focuses on securing data in use and on accelerating the adoption of confidential computing through open collaboration.