On one hand, moving malicious code inside the GPU and removing it from the host system makes it harder for security products to detect attacks. But on the other, the detection surface is not completely eliminated and there are trace elements of malicious activity that can be identified, the researchers said.
Some of the defenses built by Microsoft against kernel-level rootkits, such as Patch Guard, driver signing enforcement, Early Launch Anti-Malware (ELAM) and Secure Boot, can also help prevent the installation of GPU threats. Microsoft’s Device Guard feature in Windows 10, which allows only Microsoft-signed and trusted applications to run, can be particularly effective against such attacks, according to the researchers.
While both attackers and defenders will likely continue to refine their moves on the GPU battleground, the researchers said that the recent focus on this area has made the security community consider improving its approach to these threats.
Sign up for Computerworld eNewsletters.