As cyber criminals are launching increasingly sophisticated attacks, largely aided by the automation technologies afforded by cloud computing, Project Freta from Microsoft Research aims to turn the tide.

The Problem With Public Cloud

The modern way that many of us now do business has opened up unprecedented opportunities for cyber criminals. The digital transformation process has seen many organisations around the world move to public cloud-based computing services to fulfil their infrastructure, platform and software needs. Now, instead of a company relying on a handful of in-house servers, it can operate using remote server centres.

These data centres house many hundreds of servers, making it practically impossible to monitor each machine as rigorously as we once did. As a result, it is a lot easier for a few rogue actors to slip in unnoticed. As more businesses make the move to cloud computing and the number of servers continues to rise, this danger is set to increase, too.

Cyber criminals have been quick to realise the profits which can be made from hacking the public cloud and have invested heavily in incredibly sophisticated “smart malware”. This next-generation malware can evade traditional security measures, disguising its signature and even deleting itself if it does happen to be detected.

It’s simply not possible to revert to our old ways of doing things. Public cloud computing gives organisations a host of compelling benefits, such as powerful data processing and analytics, and unlimited storage. Unless an attack happens, it’s a very cost-effective option for businesses of all sizes. Therefore, Microsoft Research has determined that it’s time to protect the public cloud infrastructure more effectively than ever before.

What Is Project Freta?

Project Freta is a zero-cost service created by the Microsoft Research NSV team. It provides an automated inspection of a memory snapshot for Linux and Windows systems. Participants in the project need to submit a memory snapshot from their virtual machine, which will be examined for signs of malware. A report will then be sent back, including any key malware findings.

Simply put, Project Freta looks at how malware is successful and turns it on its head. Malware needs to remain undetected to undermine security protocols, because once its unique code (also known as its signature) has been identified, that signature can be added to security software. To detect a single instance of malware, however, many thousands of servers or virtual machines must be scanned, and traditional methods have been too slow to keep up with the threat.

Project Freta is working to demonstrate tools and methods which might be suitable for fast scanning at massive scale. While the project focuses on in-memory malware in virtual machines, these techniques could eventually be applicable across the cloud. It is developed in accordance with four key principles:

– Malware can only detect a sensor once the malware has installed itself
– No malware can hide beyond the reach of the sensors
– No malware is able to change before it is sampled
– Malware is unable to change a sensor to avoid detection and sampling

Project Freta promises a number of key benefits, including:

– Detecting new malware, kernel rootkits, process hiding and other indicators of intrusion by inspecting captured virtual machine (VM) snapshots
– Being very easy to use: those taking part simply need to submit a captured image in order to receive a generated report on its content
– Requiring no software to be installed, meaning that malware is not given any warning which could lead to it evacuating or deleting data

By harnessing the processing capabilities of cloud computing, the prospects look good for Microsoft Research’s ambitious project, giving us all hope for a more secure future online.