Ransomware can now run directly on the CPU, researcher warns
Published on: 2025-07-15 00:14:00
Bottom line: Chipmakers typically use microcode updates to fix bugs and improve CPU reliability. However, this low-level layer between hardware and machine code can also serve as a stealthy attack vector – capable of hiding malicious payloads from all software-based defenses. As threats evolve, even the deepest layers of a system can no longer be assumed safe.
A security researcher devised a way to "weaponize" microcode updates so that ransomware runs directly on the CPU. Rapid7 analyst Christiaan Beek drew inspiration from a critical flaw in AMD's Zen processors, discovered by Google researchers earlier this year. The flaw could allow attackers to inject custom microcode that alters the RDRAND instruction so that it always returns "4" when asked for a random number.
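A defender-side check that follows from the RDRAND behaviour described above: if a hardware random source can be made to return a constant, software that depends on it should run continuous health tests on its output rather than trusting the instruction blindly. The block below is an added example, not code from the article, from Rapid7 or from the AMD research; it implements the two continuous tests that NIST SP 800-90B section 4.4 describes (the Repetition Count Test and the Adaptive Proportion Test) over byte samples and runs them against a constructed "stuck at 4" source and a constructed healthy one. The RCT cutoff is derived with the standard's formula; the APT cutoff used here is an illustrative constant chosen for this example, not a value taken from the standard's tables.

```python
"""Continuous entropy-source health tests in the style of NIST SP 800-90B 4.4.

Added example (not from the article). A source whose RDRAND has been altered to
always return 4 fails both tests immediately, while a healthy byte stream passes.
"""
import math
import os
from typing import Iterable, Tuple


def rct_cutoff(h_bits_per_sample: float, alpha_exponent: int = 20) -> int:
    """Repetition Count Test cutoff from SP 800-90B: C = 1 + ceil(-log2(alpha) / H).

    alpha = 2^-alpha_exponent is the false-positive probability; H is the
    claimed min-entropy per sample in bits.
    """
    return 1 + math.ceil(alpha_exponent / h_bits_per_sample)


def repetition_count_test(samples: Iterable[int], cutoff: int) -> bool:
    """Return False if any value appears `cutoff` or more times in a row."""
    run = 0
    prev = None
    for s in samples:
        if s == prev:
            run += 1
            if run >= cutoff:
                return False
        else:
            prev = s
            run = 1
    return True


def adaptive_proportion_test(samples: Iterable[int], window: int, cutoff: int) -> bool:
    """Return False if, within any non-overlapping window, the window's first
    value occurs `cutoff` or more times (a stuck or heavily biased source)."""
    data = list(samples)
    for start in range(0, len(data) - window + 1, window):
        win = data[start:start + window]
        if win.count(win[0]) >= cutoff:
            return False
    return True


# Illustrative APT cutoff for 512-sample windows of 8-bit samples. This is an
# assumption for the example; SP 800-90B derives the real value from a binomial
# bound on the claimed min-entropy.
APT_WINDOW = 512
APT_CUTOFF = 64


def check_source(samples: bytes, h_bits_per_sample: float = 8.0) -> Tuple[bool, bool]:
    """Run both health tests over a byte stream; returns (rct_ok, apt_ok)."""
    rct_ok = repetition_count_test(samples, rct_cutoff(h_bits_per_sample))
    apt_ok = adaptive_proportion_test(samples, APT_WINDOW, APT_CUTOFF)
    return rct_ok, apt_ok


def stuck_source(n: int) -> bytes:
    """Constructed stand-in for an RDRAND that always returns 4."""
    return bytes([4] * n)


def healthy_source(n: int) -> bytes:
    """Constructed deterministic stand-in for a healthy source: every byte value
    cycles so no value repeats consecutively and none dominates a window."""
    return bytes(range(256)) * (n // 256)


if __name__ == "__main__":
    print("stuck   :", check_source(stuck_source(4096)))    # (False, False)
    print("healthy :", check_source(healthy_source(4096)))  # (True, True)
    # Real OS randomness; a healthy kernel CSPRNG passes with overwhelming probability.
    print("urandom :", check_source(os.urandom(4096)))
```

In a real deployment these tests run continuously on the raw source (before any conditioning) and a failure should disable the source and raise an alert; the point is that a firmware-level change to RDRAND is invisible to software, but its effect on the output is not.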
Microcode updates should theoretically be exclusive to CPU manufacturers, ensuring the correct update installs only on compatible processors. While injecting a custom microcode is difficult, it is not impossible, as the RDR