New NetCAT Attack Leaks Data

A new weakness named NetCAT (Network Cache Attack) has been found that affects all Intel server-grade processors since 2012 and allows an attacker to sniff sensitive details. The weakness was discovered by researchers on the Intel Xeon E5, E7 and SP families from 2012 onwards. These processors are designed to share the CPU cache with network devices and peripherals on the server for better performance. NetCAT is a network-based attack that can be deployed to intercept data in the CPU’s last-level cache of a remote machine. The research shows that if an attacker compromises a machine on the network, or deploys their own, the attacker-controlled machine can intercept the data without any malicious software running on the target system. Once the information packet is retrieved, the attackers must turn to machine learning to decrypt the keystrokes used in the creation of the data. This attack, tracked as CVE-2019-11184, was reported to Intel, and Intel awarded a bug bounty to the researchers.

Analyst Notes

Intel has acknowledged the issue and recommends strong security controls on any secured network where DDIO and RDMA (Remote Direct Memory Access) are enabled. Additionally, it is recommended to limit direct access from untrusted networks and to use software that is resistant to timing attacks.