New software side-channel cyberattack is used to capture crypto info

The newly discovered cyberattack is used by hackers to hit operating systems in order to captures targeted company’s cryptography keys.
This kind of new cyber attack is a side-channel based one that bypasses specific chips for hardware and operating systems. Researchers said that the cyber attack leverages a fundamental feature of modern operating systems in order to gain access to data that programmers and users assume it is hidden.

I can be used with a good result for hackers against Windows and Linux OS but it may be working on other operating systems. Its modus operandi isn’t an obscure or malformed one that affects the hardware; In fact, It is based on simple system calls available to relatively low authority user accounts through the operating system.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

The attack works for any hacker that has the ability to force things into the cache and then, measure or
The power of this new vulnerability stays in the fact that caches are everywhere; because of that, it can examine and then exfiltrate data across an entire page of the cache. Because the attacking data-check takes only a number of milliseconds, it gives the hacker enough time to read a number of keystrokes or the clear-text response to a query involving cryptographic keys.

This attack is a serious one because it shows everyone how a fundamental concept in modern OS architecture can be abused to create covert data channels between isolated processes, log keystroke timings, spy on random number generators, and generally leak information from other processes as an unprivileged user.

But the bad news doesn’t stop here, the attack is even more dangerous because it can be used by all types of hackers, not just by those that could potentially use something like Meltdown or Spectre that requires a lot of sophistication and knowledge. So be aware this cyber attack is simpler and not hardware dependent, so it could be used by a lot of regular hackers.
Even a PHP framework that uses the PHP function “microtime” as the pseudo-random seed for their cryptographic operations can be intercepted since the attack can capture the microtime return and the call to the cryptographic generator.

Cybersecurity experts are worried because it will be a long time before the patches will be applied to all affected OSs, which is the only way that this attack can be stopped so damages will be made for sure. he says. For now, you just have to wait for the patch to come out and apply it as quickly as possible.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.