New secured-core PCs to thwart RobbinHood attacks

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
Windows OS user

Microsoft has provided detailed information about secured-core computers—a new class of devices with built-in fortification against cybersecurity threats.

The company has been developing the fortified Windows 10 PCs jointly with its OEM partners. It is talking up a new chip-to-cloud strategy that provides multi-level system protection.

RobbinHood malware attacks

Secured-core PCs come with defenses against the RobbinHood malware (and other threats) enabled out of the box.

Such a threat may prevent you from accessing your computer or data. Also, an attacker can use it to ask for a specific amount of money as a precondition for releasing your system.

Baltimore’s government suffered a similar breach of cybersecurity last year after hackers seized part of the city’s information technology system.

In a typical RobbinHood attack, the malware targets your operating system’s kernel. From there, it can execute the lowest-level and most sensitive functions of the OS.

The ransomware contains multiple files, one of which can give an attacker elevated kernel privileges. Once this happens, the intruder may disable kernel-mode driver signing and validation.

That breach paves the way for the loading of a malicious driver with kernel-level privileges like turning off security features or tools.

That is why Microsoft is proposing a multifaceted approach to protecting the kernel. The strategy would involve building cybersecurity into the PC’s chip, OS, and the cloud.

Guarding against kernel attack

With secured-core devices, Hypervisor-protected code integrity (HVCI) verifies each driver that loads into the kernel. It makes it difficult for RobbinHood malware to introduce and run an unsigned driver in the kernel.

Secured-core PCs are the latest hardware to provide driver control out of the box, with baseline configuration already set. Driver control is provided by a combination of HVCI & Windows Defender Application Control (WDAC) technologies.

Additionally, these fortified devices come with built-in defenses against the execution of unverified code.

Microsoft also talked about Kernel Data Protection (KDP), an upcoming Windows 10 feature. Its purpose is to prevent the illegal manipulation of kernel memory and data.

Why hardware-backed security makes sense

There are several ways to handle different types of ransomware in Windows 10. However, you can boost your PC’s security with hardware-backed defenses because these are not just OS-focused.

Likewise, even with all the technical cybersecurity features at your disposal, you may be unable to match them with the right hardware profile.

Also, getting the BIOS and OS settings right for optimal protection can be tricky sometimes.

It will be interesting to see how secured-core devices stack up against persistent remote code execution (RCE) cybersecurity threats.

This article covers:Topics: