A new year, a new major security exploit, and this time it affects everyone. The recent discovery of two problems that take advantage of vulnerabilities in the processor of our devices has been discovered and are known as Meltdown and Spectre. As you’ve probably read elsewhere, the major manufacturers were on the back foot and were scrambling together quickly to bring advice to consumers and business alike. Now the dust has settled somewhat, it’s important to take a look at how to manage the risks.
In the exploit whitepaper, they tested a variety of processors, including Intel, AMD and ARM, to see whether they could exploit the vulnerability. They succeeded in every attempt and concluded that one could bypass segregation of data within memory thus stealing data from programs that would usually be secure. This could be passwords stored in your browser password manager, personal emails, instant messages and business documents and data.
This has caused a major patch run by cloud providers, as potentially the exploit could leak data from the virtual machines of one customer to another as they reside on shared infrastructure.
The two vulnerabilities are different in the way they work. Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory and therefore an exploited system can access system memory that would otherwise be inaccessible. Spectre essentially ‘tricks’ other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain information.
These exploits affect everyone so it is important that you act now. Microsoft, VMWare and many other vendors have released hotfixes and updates to close the vulnerabilities and preparing for the application of these patches should be the top priority at this point. Whilst this is a major vulnerability, it is important to test any of the fixes in a similar environment before you roll it out across the board. A rollback strategy is a must!
Also, take this opportunity to remind your staff and teams about best computing practices and basic security points such as:
- Don’t open attachments you aren’t expecting to receive.
- Treat all emails with hyperlinks as suspicious and do not click on them without first reviewing the destination.
- Ensure you keep your Anti-Virus/Anti-Malware solutions fully up-to-date and install any product updates as the vendors release them in the coming weeks.
- If you believe you’ve opened an infected attachment or visited a site that has been exploited, inform your Information Security team immediately so that action can be taken.
We’ve had our fair share of major exploits in 2017 and it looks like 2018 will be no different. As the attacks become more sophisticated, users need to be more vigilant and pro-active in their approach to security and integrity of the data they handle.