New Rowhammer Exploit ‘Throwhammer’ Emerges, Increasing Cybersecurity Risks
A significant development in the realm of cybersecurity has come to light with the introduction of a technique known as ‘Throwhammer,’ which simplifies the execution of the established Rowhammer attack. This recent discovery enables attackers to execute Rowhammer attacks on targeted systems merely by sending specially crafted packets to susceptible network cards over local area networks (LANs).
Rowhammer has been a prominent concern since its discovery in 2012, rooted in the vulnerabilities of newer dynamic random access memory (DRAM) chips. The nature of this issue lies in the repeated access of a row of memory, which can inadvertently lead to “bit flipping” in adjacent memory rows. This glitch allows malicious actors to alter the contents of a computer’s memory, posing severe risks for computer integrity.
Previously, exploiting Rowhammer required privileged access on the targeted device, typically necessitating interaction through malicious websites or software. However, recent advancements from researchers at Vrije Universiteit Amsterdam and the University of Cyprus have diminished these barriers. They revealed that malicious packet transmission can provoke Rowhammer attacks on systems equipped with Ethernet network cards featuring Remote Direct Memory Access (RDMA), a technology frequently found in cloud infrastructures and data centers.
RDMA-enabled cards allow networked computers to exchange data directly in main memory. This facilitates rapid access, enabling attackers to exploit this capability for malicious purposes, such as triggering bit flips in DRAM. The researchers noted that their method does not rely on existing software vulnerabilities, making it an even more challenging threat to defend against.
In their experiments, the researchers demonstrated that a network speed of at least 10Gbps is necessary for a successful Throwhammer attack, as they achieved bit flips by accessing a target server’s memory 560,000 times within a mere 64 milliseconds. This emphasizes the need for robust network defenses, particularly for organizations utilizing RDMA technologies.
The implications of this vulnerability are significant for businesses that rely on cloud services and data handling. Given that the root of the Rowhammer exploit lies in hardware weaknesses rather than software flaws, traditional patching methods will not fully resolve the issue. Consequently, the threat remains legitimate, with potential ramifications including unauthorized access and data corruption.
For further reading on this sophisticated cyber threat, refer to the researchers’ comprehensive paper titled “Throwhammer: Rowhammer Attacks over the Network and Defenses.”
Business owners must be cognizant of these developments, as measures for proactive monitoring and defense against these types of attacks become increasingly crucial. The threat landscape continues to evolve, underscoring the importance of maintaining vigilance in the face of rising cybersecurity risks.
In assessing the tactics potentially exploited in this attack, techniques from the MITRE ATT&CK framework come into play. Notably, this incident involves factors related to initial access and privilege escalation, highlighting the need for organizations to strengthen their defense strategies against these evolving threats.
As cybercriminal techniques become more sophisticated, remaining informed and prepared is key for any business seeking to safeguard its data and maintain operational integrity.