
Protecting Yourself from Spectre & Meltdown


From WannaCry to Heartbleed, hardly an industry was spared in 2017 as hackers stole sensitive corporate and consumer data. Two new threats, known as Spectre and Meltdown, differ from those that dominated last year's headlines in that they have not yet been exploited by hackers. With the information I'm going to provide, you'll be able to effectively protect yourself and improve your network security.

What Are Spectre & Meltdown?

These potentially devastating bugs were discovered by Jann Horn, who is part of a group of security analysts at Google tasked with finding unknown cybersecurity vulnerabilities. Horn conducted tests that showed that "an attack running on one virtual machine was able to access the physical memory of the host machine and through that gain read access to the memory of a different virtual machine running on the same host." This would be unthinkable under normal circumstances and signaled a very serious breach of a computer's most fundamental security protocols.

At their core, Spectre and Meltdown are bugs found in processing chips, including those made by Intel, AMD and ARM Holdings. The bugs abuse a CPU feature called "speculative execution," which helps processors run faster, to give unauthorized processes access to the most sensitive data on a device, including passwords, encryption keys and even the kernel, which is the heart of any operating system. Security magazine reports that a hacker attack occurs, on average, once every 39 seconds.

Spectre affects the type of chips found in smartphones, tablets and computers, while Meltdown -- more dangerous because of its kernel reading capabilities -- targets laptops, desktops and computer servers. Given the widespread use of processing chips with these bugs, the vast majority of devices and browsers are impacted. All iOS devices (excluding the Apple Watch) and browsers are affected, as well as Android, Microsoft devices and a whole spectrum of web browsers ranging from Chrome to Safari and Firefox.

In addition, Amazon, Microsoft and Google all have cloud storage services. Using the Meltdown bug, all someone would have to do to gain immediate access to the data of countless cloud users is upload an application to the same shared remote server. 

How Microsoft, Apple, Google & Other Tech Giants Respond

All three tech giants have issued patches, updates or defensive recommendations to help combat both Spectre and Meltdown. Microsoft issued an emergency update to address the vulnerabilities in the Windows operating system. However, the updates seem to conflict with some antivirus software, resulting in the much-hated "blue screen of death" or BSOD. A special key has been distributed to antivirus vendors to aid Microsoft in safely downloading and installing the update. Patches have also been released for Chrome, Firefox and Safari.

What Can You Do?

People often ignore prompts to update their software, antivirus or operating systems. But doing so leaves you vulnerable to threats like Spectre and Meltdown. I also recommend using an ad-blocker like uBlock Origin, as malicious code can, and often does, appear on even the most popular websites. Regularly change passwords for accounts that house sensitive data like banking, credit card or email accounts and only download updates directly from the manufacturer. You should never click on or download any "update" that comes in the form of an email.
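To confirm that an update actually put the protections in place, the following added example (not part of the original article) reads the status files that patched Linux kernels expose and lists anything not reported as mitigated. It assumes a Linux host; the sample status lines and the helper names are constructed for illustration.

```python
from pathlib import Path

# Linux kernel sysfs directory reporting per-vulnerability status (assumption: Linux host).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map a kernel status line to not_affected, mitigated, vulnerable or unknown."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty or unrecognised: treat as unconfirmed


def read_statuses(base=SYSFS_DIR):
    """Return {name: status line}; a missing file means the kernel does not report it."""
    result = {}
    for name in CHECKS:
        try:
            result[name] = (Path(base) / name).read_text().strip()
        except OSError:
            result[name] = ""
    return result


def needs_update(statuses):
    """List the entries not confirmed as mitigated or not affected."""
    return sorted(name for name, status in statuses.items()
                  if classify(status) not in ("mitigated", "not_affected"))


# Constructed samples: status lines a patched and an unpatched machine might report.
SAMPLE_PATCHED = {"meltdown": "Mitigation: PTI",
                  "spectre_v1": "Mitigation: __user pointer sanitization",
                  "spectre_v2": "Mitigation: Retpolines"}
SAMPLE_UNPATCHED = {"meltdown": "Vulnerable", "spectre_v1": "", "spectre_v2": "Vulnerable"}

if __name__ == "__main__":
    live = read_statuses()
    for name, status in live.items():
        print(f"{name:12} {classify(status):13} {status or '(not reported)'}")
    print("needs update:", needs_update(live) or "none")
```

An entry shown as "(not reported)" usually means the kernel is older than the fixes, which is itself a reason to update.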

Moving Forward

According to Small Business Trends, 43 percent of all cyberattacks target small businesses. With Spectre and Meltdown affecting so many devices and browsers, hackers have a lot of opportunities to get their hands on valuable corporate and consumer data. Companies like Google, Apple, Microsoft and Amazon have issued important countermeasures. However, these defenses are only effective if businesses and consumers are properly educated about the dangers of Spectre and Meltdown and take the appropriate steps to mitigate them. While it will likely take years to fully eliminate the threat of these bugs, businesses like yours can take action now to protect themselves and the clients they serve.