What is ‘Fileless’ Malware Found Inside Server Hardware?

by Adam Lovinus, October 4, 2018

Bloomberg Businessweek broke a troubling story about fileless malware found on server motherboards deployed by Amazon Web Services. The servers initially belonged to Elemental, makers of boutique servers used for video compression, which Amazon purchased for its Amazon Prime Video product. AWS shipped Elemental servers to a third-party cybersecurity company, which found a tiny rogue chip the size of a grain of sand embedded in the motherboard circuitry.

The rogue chip was not part of the original motherboard design. It allowed a “stealth doorway into any network that included the altered machines,” according to the report. US intelligence sources speaking on background told Bloomberg that the servers, assembled by US-based Supermicro, were sabotaged by People’s Liberation Army operatives in China. “In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.”

Supermicro and Apple, whose servers were also affected according to the report, disputed the findings.

The largest hardware malware attack, but not the first

Last year around this time, a software update for the popular security application CCleaner erupted into a cyber scandal. Millions of users downloaded the latest version of the disk clean-up program as prescribed, and with it, a computer virus. Avast, owner of the CCleaner brand, found the breach and discovered that the malware had entered and lingered in host servers undetected for months.

The servers belonged to Piriform, a software development company that sold the CCleaner rights and hardware to Avast. The company suspects the malware came bundled with Piriform's server infrastructure. Not the value add Avast wanted.

Either way, the CCleaner debacle has two teachable lessons.

  • Anyone can get hacked, even companies that wrote the book on cybersecurity.
  • Fileless malware is an alarming supply chain problem that affects business infrastructure.

What makes hardware malware different?

Fileless malware is more patient. It gains access by mimicking an update to Flash or firmware and tricks users into a download. Once inside, the payload deploys in stages. The payload bypasses the OS and application level of a computer and nests on board a motherboard socket or memory controller. When malware embeds itself in a nonvolatile memory nook, a hacker can disable security software, access hard drives, and steal in silence. Software-borne malware, by contrast, hijacks applications and operating systems, arriving over the internet and passing through a network port. Running an antivirus scan detects anomalous software triggers but pays little attention to component firmware.

Elegant throwback to vintage cyberattacks

Programs designed to attack PC hardware components resemble old-school viruses. The malware Elk Cloner lodged itself inside RAM controllers in Apple II computers. It spread via floppy disc, hiding behind a simple game. After 50 runs of the game, you received a poem:

Elk Cloner: The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!

It will stick to you like glue
It will modify RAM too

Send in the Cloner!

Malware like Elk Cloner came to be known as a boot sector virus.


Fake firmware targets business systems

Earlier in the year, Apple removed Super Micro servers from its Siri development stack after a hardware firmware update came laced with malware. Cybercrime publication The Information broke the story:

A previously undisclosed investigation by Apple into a problem found in a data center server highlights the potential vulnerability of key hardware in IT infrastructure. The investigation focused on Apple’s relationship with San Jose-based Super Micro Computer, causing Apple to return computers it bought from Super Micro.

Over the past year, almost all of the big-name breaches have been tied to similar hardware exploits. It hit the Democratic National Committee, the SEC, and Dyn, to name a few. HPE estimates one in five servers are affected by known threats.

This is why Google fabricates its own server components

All brands of x86 servers are vulnerable. HPE, Dell, Super Micro, Lenovo—any OEM server—have common components inside the chassis. Furthermore, components by different brands might use the same hardware controller in the finished product.

HPE estimates one in five OEM platforms are currently vulnerable to known threats.

Hardware security concerns led Google to develop and manufacture its own server parts. In addition to bringing semiconductors in-house, Google devised a way of authenticating computers and everything networked to them with every server boot.

Taking action: Root of trust authentication coming to server hardware

Security experts call Google's method the hardware root of trust. It passes code through a network like a game of telephone, with new encryption added at every touch: chain-linked cryptographic verification passed through the computers on a network. It works similarly to how bitcoin transactions are verified by a chain of remote servers.

What if you can’t build your own chips?

HPE is building its own hardware security authentication into Gen10 ProLiant servers. A feature set called Security Assurance builds root of trust verification by modifying the motherboard to place HPE's proprietary iLO controller next to the BIOS.
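The chain-linked verification described above, with a silicon anchor like HPE's iLO checking the first link, is easier to see in code. The following is an added illustration written for this article, not code from Google, HPE or the article's author. It models the chain with plain SHA-256 hash links instead of the signatures a real root of trust uses, the "silicon" anchor is just a Python constant, and the stage names and firmware images are constructed sample values. Each stage is verified before it is allowed to run and is recorded in a measurement register, so a single tampered link halts the boot and a remote verifier can tell from the final measurement whether the known-good chain ran.

```python
import hashlib
from dataclasses import dataclass


def sha256(data):
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Stage:
    """One link in the boot chain: its image and the hash it will accept next."""
    name: str
    code: bytes           # constructed stand-in for the stage's firmware image
    next_expected: bytes  # hash of the successor this stage hands off to (b"" for the last)

    def image(self):
        # The hashed unit is code plus the embedded expectation, so editing either is detected.
        return self.code + self.next_expected


def build_chain(stage_code):
    """Link stages back to front so every stage carries its successor's hash."""
    stages, nxt = [], b""
    for name, code in reversed(stage_code):
        stage = Stage(name, code, nxt)
        nxt = sha256(stage.image())
        stages.append(stage)
    stages.reverse()
    return stages


def root_anchor(stages):
    """The one value the immutable root of trust stores: the hash of the first stage."""
    return sha256(stages[0].image())


def boot(root_expected, stages):
    """Verify each stage before 'running' it and extend a measurement register.

    Returns (booted_ok, name of the last verified or the rejected stage, measurement).
    """
    measurement = bytes(32)      # PCR-style register, all zeros at power-on
    expected = root_expected
    for stage in stages:
        actual = sha256(stage.image())
        if actual != expected:   # halt at the first link that does not match
            return False, stage.name, measurement
        measurement = sha256(measurement + actual)  # record what was allowed to run
        expected = stage.next_expected              # the verified stage vouches for the next
    return True, stages[-1].name, measurement


def replace_code(stages, name, new_code):
    """Model an implant overwriting one stage's image in place."""
    return [Stage(s.name, new_code, s.next_expected) if s.name == name else s
            for s in stages]


# Constructed sample images; real ones would be the boot block, BIOS/UEFI and OS loader binaries.
CLEAN_IMAGES = [("bootblock", b"bootblock-v1"), ("bios", b"bios-v1"), ("os-loader", b"loader-v1")]
CLEAN_CHAIN = build_chain(CLEAN_IMAGES)
ROOT = root_anchor(CLEAN_CHAIN)        # burned into silicon in a real design
GOLDEN = boot(ROOT, CLEAN_CHAIN)[2]    # known-good measurement a verifier compares against


def scenario_clean():
    return boot(ROOT, CLEAN_CHAIN)


def scenario_tampered_bios():
    """Implant rewrites the BIOS image only; the boot block still expects the clean hash."""
    return boot(ROOT, replace_code(CLEAN_CHAIN, "bios", b"bios-with-implant"))


def scenario_relinked_chain():
    """Implant rewrites the BIOS and re-links the stage before it to expect the new hash."""
    images = [(n, b"bios-with-implant" if n == "bios" else c) for n, c in CLEAN_IMAGES]
    return boot(ROOT, build_chain(images))


if __name__ == "__main__":
    for scenario in (scenario_clean, scenario_tampered_bios, scenario_relinked_chain):
        ok, where, meas = scenario()
        print(f"{scenario.__name__:24s} ok={ok!s:5s} stage={where:10s} matches_golden={meas == GOLDEN}")
```

The second scenario shows why the anchor has to live in hardware the attacker cannot rewrite: re-linking the chain around a modified BIOS changes the boot block's image, so the root hash no longer matches and the boot stops at the very first link. In a real design the final measurement is reported to a remote verifier, which is the check that catches firmware tampering an OS-level antivirus scan never looks at.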

[Image: HPE ProLiant Gen10 server family. Microserver, Rackmount, and Tower form factors for the latest generation of HPE servers.]

Compare the HPE ProLiant product line on NeweggBusiness. For deeper reading on hardware security, see the Gen10 ProLiant technical sheet (24 pages).

This article was originally published October 20, 2017 and updated October 4, 2018.

Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.
