Intel vPro Chips Include Ransomware Detection

The latest Intel vPro processor for business-class laptops will include built-in protections to detect and block ransomware attacks, Intel said.

Intel added hardware-based ransomware detection to the new 11th Gen Core vPro processors as part of its ongoing efforts to use virtualization security to embed security features right into the silicon. The processor's security technology, namely Intel Hardware Shield and Intel Threat Detection Technology, makes it possible to detect unauthorized modifications to the hardware. By putting security protections right into the silicon, the chip can protect the device from firmware attacks even if the operating system or security software is compromised.

Intel Hardware Shield runs on the CPU underneath the operating system and applications such as security software, so it can detect malicious activity that the operating system may not be able to detect. Hardware Shield locks down UEFI/BIOS and prevents the firmware from being modified during boot. By verifying the operating system is running on legitimate hardware and that the firmware has not been modified by an unauthorized process, Hardware Shield protects against firmware attacks.

Intel’s Threat Detection Technology relies on CPU-based telemetry and machine learning heuristics to detect fileless malware, cryptomining, and polymorphic malware. Intel said TDT can detect threats that "leave a footprint" on the CPU performance monitoring unit.

Ransomware strains have recently evolved to bypass security tools and also to spawn copies of themselves that could hide inside virtual machines. Anything happening on the device, regardless of layer, would be visible to the CPU. On laptops with the new vPro processor, Hardware Shield would be able to detect ransomware, even if it attempted to hide inside virtual machines or from the operating system, the company said. Intel TDT would then send a high-fidelity signal that can trigger remediation workflows in the security vendor's code.

"Ransomware was a top security threat in 2020, software alone is not enough to protect against ongoing threats," Stephanie Hallford, Client Computing Group Vice President and General Manager of Business Client Platforms at Intel, said in a statement.

Intel made Hardware Shield--which uses artificial intelligence for threat detection, detecting ransomware, and stopping crypto-mining attacks--mandatory for 10th Gen Core vPro chips in mid-2020. The company also added Control Flow Enforcement Technology to CPUs to help protect systems against malware that uses Return Oriented Programming (ROP), Jump Oriented Programming (JOP), and Call Oriented Programming (COP) techniques to infect devices and hijack applications.

The 11th Gen Core vPro platform would be among the first ones to offer “silicon-enabled threat detection capability,” Hallford said. Intel plans to launch more than 60 business-oriented laptops with the new vPro processors in 2021.

As part of Intel's announcement, security company Cybereason said it will add support for the chips’ features to its security software this year. The layered protection will give businesses “full-stack visibility from CPU telemetry” to prevent ransomware. The company will integrate Intel TDT capabilities into the Cybereason Defense Platform.

"The joint solution represents the first instance where PC hardware plays a direct role in ransomware defenses to better protect enterprise endpoints from costly attacks," Cybereason's Yonatan Striem-Amit said. The collaboration enables "full-stack visibility" to detect and block ransomware before it can cause damage.

A similar partnership with BlackBerry (announced June 2020) added vPro support to BlackBerry Optics, a cryptomining and cryptojacking detection tool.