Recent findings on Page Cache Attacks by a research team of experts from Graz University of Technology, Boston University, NetApp, CrowdStrike, and Intel detail a first-of-its-type, hardware-agnostic (unlike Spectre & Meltdown) side-channel attack that can remotely target operating systems such as Windows and Linux and effectively exfiltrate data, bypassing security precautions. An expert with Juniper Threat Labs offers perspective.
Mounir Hahad, Head at Juniper Threat Labs at Juniper Networks:
“This attack class presents a significantly lower complexity barrier than previous hardware-based side-channel attacks and can easily be put into practice by threat actors, both nation state as well as cyber gangs. In particular, password recovery via unprivileged applications is a major worry as it would be available to most unwanted software bundlers and other programs typically thought of as relatively harmless.
“There is not much that an end user can currently do to protect themselves against this type of attack except to not run any software from a shady source, even if it does not raise any antivirus flag.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.