In a recently published white paper, Anjuna Security analyzed the complete MITRE ATT&CK matrix and found 77 MITRE attacks that Confidential Computing can instantly eliminate. In this series of blog posts, we will cover in detail the top five critical attacks and address how Confidential Computing implemented using Anjuna software can abolish these attacks forever!
MITRE Attack T1203: Exploitation for Client Execution
The fourth MITRE attack we cover in this series is T1203: Exploitation for Client Execution. In this attack, an adversary exploits software vulnerabilities in the client's applications to execute malicious code locally or remotely. An adversary can take various paths to execute this attack, including emails with malicious attachments or links to malicious sites, malware loaded on USB drives, browser-based manipulation and exploitation, infected office applications, and many more. Attackers often find client-side exploits advantageous because the client is already behind the target organization's firewall and application security layer. Recently, a notorious attack utilizing this technique, known as Log4j, has been wreaking havoc for millions of users; it has even caught the attention of Jen Easterly, director of the U.S. Cybersecurity & Infrastructure Security Agency. In an interview with CNBC, Easterly mentions that this is the “most serious” vulnerability she has seen in her decades-long career.
How to Protect Against T1203 - Exploitation for Client Execution?
How is this possible? The titans of technology - Intel, AMD, AWS, Microsoft Azure, and others - have all rolled out new technologies that make it possible to protect sensitive workloads at the hardware level in an isolated environment commonly referred to as a secure enclave. Within the CPU, these secure enclaves provide hardware-level isolation and memory encryption for any application code and data on every server. When code or an application runs in an enclave, it is encrypted in memory in real time, protecting it from everyone, including privileged users with root access and cloud admins. Communication between your instance and the secure enclave is done using a secure local channel. A root user or admin on the instance will not be able to access the enclave or connect to it over Secure Shell (SSH). As a result, the enclave provides a private and fortified area for your sensitive data.
Learn More About Other Attacks!
If you missed our previous blog that details how Anjuna provides a solution against MITRE attack T1036: Masquerading, you can find it below.
To learn more about the other 76 attacks that Anjuna software protects against and how you can instantly adopt security by default across your entire environment, take a look at our MITRE white paper below!