Eliminating MITRE Attacks with Confidential Computing - T1203: Exploitation for Client Execution

Published on Aug 16, 2022
How do I protect against MITRE attack T1203: Exploitation for Client Execution? You use Anjuna to isolate applications from hardware and the operating system.
https://www.anjuna.io/blog/anjuna-eliminates-mitre-attack-t1203

In a recently published white paper, Anjuna Security analyzed the complete MITRE attack matrix and found 77 MITRE attacks that Confidential Computing can instantly eliminate. In this series of blogs, we will cover in detail the top five critical attacks and address how Confidential Computing implemented using Anjuna software can abolish these attacks forever!

MITRE Attack T1203: Exploitation for Client Execution

The fourth MITRE attack we cover in this series is T1203: Exploitation for Client Execution. In this attack, an adversary exploits software vulnerabilities in the client's applications to execute malicious code locally or remotely. There are various paths an adversary can take to execute this attack, including sending emails with malicious attachments or emails leading to malicious links, malware loaded on USB drives, browser-based manipulation and exploitation, infected office applications, and many more. Attackers often find client-side exploits advantageous because the client is already behind the target organization's firewall and application security layer. Recently, a notorious attack utilizing this technique, known as Log4j, has been wreaking havoc for millions of users; it has even caught the attention of Jen Easterly, director of the U.S. Cybersecurity & Infrastructure Security Agency. In an interview with CNBC, Easterly mentions that this is the “most serious” vulnerability she has seen in her decades-long career.

How to Protect Against T1203 - Exploitation for Client Execution?

Anjuna Confidential Computing software isolates the application from both the hardware and operating system (OS), thereby removing any path to your sensitive data.

How is this possible? The titans of technology - Intel, AMD, AWS, Microsoft Azure, and others - have all rolled out new technologies that make it possible to protect sensitive workloads at the hardware level in an isolated environment commonly referred to as a secure enclave. Within the CPU, these secure enclaves provide hardware-level isolation and memory encryption for any application code and data on every server. When code or an application runs in an enclave, it is encrypted in memory in real time, protecting it from everyone, including privileged users with root access or cloud admins. Communication between your instance and the secure enclave is done using a secure local channel. A root user or admin on the instance will not be able to access the enclave or connect to it over Secure Shell (SSH). As a result, this provides a private and fortified area for your sensitive data.

Learn More About Other Attacks!

If you missed our previous blog that details how Anjuna provides a solution against MITRE attack T1036: Masquerading, you can find it below.

Anjuna Protects Against T1036: Masquerading

To learn more about the other 76 attacks that Anjuna software protects against and how you can instantly adopt security by default across your entire environment, take a look at our MITRE white paper below!

Eliminate 77 MITRE Attacks With Anjuna

The next blog in our five-part series will focus on MITRE attack T1542: Pre-OS Boot. So be sure to stay tuned in!
