Neutralize System Intrusions with Confidential Computing

Today’s cybercrime is rampant, all-out, and total, intensifying at an exponential rate, particularly in cloud environments. Adversaries continually strive to gain an advantage by stealthily infiltrating and compromising the most sensitive assets of individuals and enterprises. The need for effective cyber defense has never been more urgent.

Verizon's 16th annual 2023 Data Breach Investigations Report (DBIR) for 2023 provides critical insights into the current threat landscape. The report analyzed over 16,312 security incidents, including 5,199 confirmed data breaches. 74% of all breaches involved human factors, with individuals contributing through errors, privilege misuse, stolen credentials, or social engineering tactics. External actors were responsible for 83% of the breaches, predominantly driven by financial motives. 

A recent Harvard Business Review article further underscores the gravity of cybercrime, shedding light on the extensive impact of data breaches that cause a long-lasting "ripple effect" of ongoing damage. The latest IBM Data Breach Report revealed a staggering statistic: 83% of the 550 organizations studied experienced multiple data breaches in 2022. The aftermath of these breaches often surpasses the initial attack in terms of collateral damage. The authors of the Harvard study examined both the immediate and long-term consequences of successful cyber attacks, including unforeseen damages. Publicly traded companies saw their stock prices plummet by an average of 7.5%, with a mean market cap loss of $5.4 billion. It took companies an average of 46 days to claw their way back to pre-breach value, and some could never fully bounce back.

The devastating impact of the "ripple effect" can be vividly illustrated by real-world incidents. For instance, the January ransomware attack on ION Trading Technologies forced the company to revert to manual trade confirmation, effectively erasing decades of technological progress. Another notable example is the SolarWinds breach, which left up to 18,000 customers vulnerable due to the compromise of the software supply chain. Breaches can lead to severe financial and reputational consequences, causing increased operational costs, dissatisfied customers, and stock market underperformance.

Where to Focus Attention? The Compute Layer

The Verizon DBIR highlights the concerning prevalence of System Intrusion as the primary attack vector for breaches. These attacks involve skilled threat actors, including Advanced Persistent Threats (APTs), which employ stealthy techniques to infiltrate environments, compromise systems, deploy malware, and extract valuable data over an extended period without detection. The report reveals that 96% of the threat actors were external, with financial gain as the primary motivator in 97% of cases. However, in the financial and insurance industries, 66% of threat actors were external, while 34% were internal, marking the highest percentage of insider attacks across the sectors analyzed in the DBIR.

To effectively combat System Intrusion attacks, it helps to understand how attackers go after data. Their ultimate goal is to obtain root access to the compute layer, as it provides a direct pathway to valuable data. Once they breach the compute layer, attackers meticulously examine disks, networked drives, and memory to directly extract sensitive data, such as personally identifiable information (PII). They also actively search for secrets stored in memory, such as encryption keys, tokens, and passwords, often in clear text and easily exploitable for launching secondary attacks on encrypted data. Commonly, attackers install malware to automatically exfiltrate data over time. They then attempt to move laterally to other systems to repeat the process. Insiders, with their elevated privileges, can do this effortlessly. The consequences of such breaches have a significant blast radius, resulting in escalating damage as victims struggle to isolate affected systems, often realizing the severity of the situation too late.

Mark Bower, Vice President of Product Management for Anjuna, observes, "Throwing traditional tools at the problem does not work.” Software-only controls can be compromised if an attacker gains access to memory, which can easily be read or manipulated.

Confidential Computing Transforms the Security Landscape 

Fortunately, a powerful and transformative solution is gaining momentum in the industry—Confidential Computing. Rooted in hardware, Confidential Computing revolutionizes cloud security by effectively addressing the critical issue of securing data in use. It completes the trinity of safeguarding data across its three states: at rest, in transit, and now in use. While encryption has provided reasonable protection for data at rest and in transit, data in use remained vulnerable until the emergence of Confidential Computing.

Traditionally, data needed to be decrypted before it could be accessed or processed by the CPU, exposing it in clear text and making it susceptible to attacks through memory dumps. Moreover, if hackers uncover sensitive information such as encryption keys, tokens, passwords, and other secrets stored in memory, they can decrypt both data at rest and data in transit as well. This realization shatters the notion that encryption alone for data at rest and data in transit provides sufficient protection.

Confidential Computing rises to the challenge by simultaneously protecting data in memory while allowing it to be processed by the CPU. This groundbreaking advancement closes the remaining security gap, ensuring that code and data in active use are shielded from even those with the highest levels of privilege to infrastructure, including external hackers who gain root access or even the cloud providers who own and manage the infrastructure.

Anjuna Instantly Eliminates Numerous MITRE ATT&CK Techniques

Anjuna is at the forefront of securing the cloud with the Anjuna Confidential Computing Platform. Unlike cumbersome do-it-yourself (DIY) approaches previously required for implementing Confidential Computing, Anjuna offers a seamless solution that doesn't require modifications to existing applications. With Anjuna, enterprises can embrace the transformative power of Confidential Computing without compromising usability or security.

In the realm of System Intrusion attacks, the 2023 Verizon DBIR identifies the relevant techniques from the MITRE ATT&CK matrix that cybercriminals use. Anjuna effectively eliminates numerous techniques, providing robust protection against various attack vectors. Noteworthy techniques that Anjuna eliminates include T1068, T1190, T1211, T1212, T1210, T1133, T1021, T1550, and T1078.

For a comprehensive overview of the MITRE ATT&CK techniques neutralized by Anjuna, we recommend reading our white paper titled, “Anjuna Delivers a 77:1 Advantage Against the MITRE ATT&CK MATRIX.” This valuable resource offers insights into the 77 attacks that Anjuna mitigates by default. It is important to note that each attack encompasses numerous implementations, meaning that Anjuna’s protection extends to thousands of real-world attack scenarios. This extensive coverage underscores the robustness and effectiveness of Anjuna’s security capabilities in safeguarding against a wide range of cyber threats.

With the chilling statistics about the frequency and severity of data breaches showing no signs of abating, it’s clear that a new, original approach to cybersecurity is urgently needed. While a defense-in-depth strategy remains necessary, sole reliance on traditional software defenses is insufficient. By embracing Confidential Computing supported by Anjuna’s platform, your organization can take proactive steps to protect against cyber attacks and avoid the devastating consequences and remorse of hindsight. Equip your organization with the power of Confidential Computing today, and you will never have to say, “We could have done more.”

If you want to learn more and see Anjuna in action, watch our live demo.