We’re only one week into 2018 and already computer researchers have identified not one but two major cybersecurity flaws: Meltdown and Spectre. These flaws exist inside computer processors and mean that hackers could steal passwords and other sensitive user data stored on almost any device manufactured in the last 20 years.
The key word in that sentence, though, is “could.” As of now, no evidence exists to demonstrate that cybercriminals have taken advantage of these vulnerabilities, both of which may be difficult to exploit. Major software and hardware companies like Google, Microsoft, Intel, and Apple sprang into action to address the issue. Once patches, updates, and workarounds are available, the actual deployment is best left to the professional IT service providers that support your company’s technology.
Still, Meltdown and Spectre present an entirely new threat: one that exploits information at the hardware level, inside your machine, by isolating the connection between the operating system and the user application. So far, Meltdown is impacting many Intel processors manufactured over the years, while Spectre is a more widespread flaw impacting Intel, AMD, and ARM processors found in computers, servers, mobile devices, and tablets.
Processors act as the foundational building blocks of devices, allowing our computers, smartphones, and other systems to “think” by performing a mind-blowing number of calculations each second. Today’s devices “think” in “parallel,” meaning they can perform different calculations for different applications at the same time. This complexity is precisely what a hacker can compromise, using the code running in a web browser to access a computer’s memory, keystrokes, passwords, emails, chat conversations, documents, and other sensitive information.
Once flaws like this are made public, you can bet that cybercriminals will do their best to exploit them.
The Good News: With Software Updates and Security Patches, Most of the Potential Damage from Meltdown Can Be Averted
Fixes for Spectre could take longer to roll out as manufacturers make changes to hardware components, but to reiterate, as of now, no reported compromises have occurred because of the newly identified vulnerability.
Carefully assessing your computer environment to determine what corrections need to be made to minimize risk is imperative. A trusted IT provider can make sure such fixes are executed properly, too, which is critical for businesses. Many security experts say that software updates and security patches for Meltdown could slow computers, servers, and devices, which means older affected machines could need replacement sooner than otherwise expected. Don’t just lean on your current antivirus software, either: the potential for major incompatibilities with the fixes already issued for Meltdown can exist, especially on servers.
Procrastination can lead to serious problems, too—last year, WannaCry infected hundreds of thousands of machines running Windows, even though Microsoft had released an update to address the problem before the attack.
With cloud services, several customers usually share space on individual servers. Cybercriminals trying to exploit the Meltdown flaw could load illicit software onto an Amazon or Microsoft cloud server and then attempt to steal data from anyone else using the same server. Sticking with secure cloud offerings from trusted IT providers is a must.
Even the biggest web giants can’t exert comprehensive control over the ads that appear on their sites, and malicious code can easily be embedded in an otherwise innocuous-looking ad. One click can install malware on your system that can have widespread impacts, and security experts have suggested that such clicks might allow hackers to exploit the Meltdown and Spectre vulnerabilities.
A proper risk assessment and vulnerability scan by a trusted IT provider can indicate the scope of the Meltdown and Spectre problem on your machines, along with recommending which network security tools need to be deployed in your environment to protect systems and data.
With multiple workarounds deployed by browser vendors like Google, Microsoft, and Mozilla, complicated BIOS updates issued by PC manufacturers, and signature-based network firewall and endpoint protection available to secure systems and data, a lot of work will be required in the coming weeks, months, and years to fix the vulnerabilities revealed by Meltdown and Specter. If you’re unsure about your level of security, rely on an expert—contact CMIT Solutions today.
We deploy multiple layers of protection for our clients, shielding them from viruses, malware, ransomware, phishing, and other vulnerabilities. We collaborate with software vendors, hardware manufacturers, and data security experts to mitigate the risk of issues like these. We offer employee training and security policies that can have a positive impact on your business and your employees’ online behavior.
In short, CMIT Solutions worries about cybersecurity so you don’t have to. Contact us today if you have questions about Meltdown, Spectre, or other vulnerabilities.