Starting 2018 off with a bang, the single largest computer security threat to date was announced with the discovery of the Meltdown and Spectre security flaws, which impact devices produced as far back as 1995. Virtually everyone has been affected by this threat and currently, there’s no way to determine whether a device has been infiltrated through these flaws or whether data has been compromised.
Meltdown and Spectre are the names of two potentially devastating security flaws discovered within computer processors built over the last 20 years, as far back as 1995. Both impact the central processing unit (CPU) of the device, otherwise known as the brains of any computer. Meltdown only affects processors built by Intel, but Spectre impacts all processors, no matter the manufacturer.
Although publicly announced in early January 2018 by security researchers at Google’s Project Zero, the risk was discovered as early as June 2017. Meltdown and Spectre create vulnerabilities in unique ways, but both open opportunities for hackers to steal sensitive data without user knowledge and execute ransomware attacks at a scale never before possible.
Understanding exactly what each flaw is capable of requires a basic understanding of the central processing unit (CPU) and its primary role. The CPU is the big boss of any device. When a user commands the system to do something, the processor carries out the command to perform the task as assigned. The core system, known as the kernel, stores all types of sensitive data in its protected memory for quick access, including passwords, logins, encryption keys, and credit card data. Protected memory is a fundamental concept in computer security which says no process on a computer can access data unless it has permission to do so. This allows the operating system to block one program from seeing data belonging to another and requires a privilege check, or permission, to determine if that program can access data. It’s why when you get a new phone you have to log in to all your apps over and over again.
Meltdown breaks or melts the security walls between the system memory and applications, normally enforced by the hardware, allowing apps and hackers access to confidential data stored in the processor’s protected memory. Meltdown is fairly easily contained with updates and seen as less of a long-term concern than Spectre.
Spectre tricks otherwise safe applications into accessing data stored in protected memory, making it available to steal. Using Spectre, ransomware pirates can see where the data is stored and guess what type of data it is. They’ll then lie in wait and watch, only taking action when it’s most profitable for them.
Almost all computing devices are impacted, including computers, tablets, smartphones, really anything with a core processor. Currently, there’s no way to determine whether a device has been infiltrated through these flaws or whether data has been compromised.
The response can be summed up in one word – quickly. Intel had planned to announce the risk on January 9, 2018, but was forced to divulge early due to leaks which had the potential to compromise security at a catastrophic level. Top techies including Microsoft, Google, Apple, and Amazon all released patches and guidelines for ransomware protection in Maryland and across the U.S. same-day or within days of the initial announcement.
The risks for cloud-based services such as Amazon’s Web Services and Google’s Cloud Platform are significant, due to the enormity of their computing infrastructure and possible access to an extensive collection of memory data in one central repository. There’s been plenty of speculation as to whether the patch fixes will impact processing performance; however, at this time Amazon and Google say they don’t believe the updates required to protect against Meltdown and Spectre have had any impact on their cloud service speed. For Meltdown, in particular, the fix adapts the processing path to again divide the data eroded by the melted internal framework. According to some experts, this may cause processing slow-downs of up to 30%. Gaming, browsing, and general computing tasks should see no difference, while processes requiring lots of file-writing could see an impact.
It’s still early, but there have already been class action lawsuits filed against Intel and Apple, claiming that the delay in disclosing known threats to the public at large put consumers and businesses at risk for ransomware attacks and critical data breaches.
Experts agree the best way to protect against Meltdown and Spectre is to update all computing devices and smartphones with the most current operating system security patch available. Install future updates immediately as they are released; waiting till later just gives hackers an opening to pay you an unwelcome visit.
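To confirm that those updates actually took effect on a Linux machine, the kernel publishes its own status for each flaw under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of the original article; it reports patch status only, not whether a device was ever exploited, and the sample status strings in `constructed_sample()` are constructed for the offline demo.

```python
import tempfile
from pathlib import Path

# Real sysfs directory on Linux kernels that carry the Meltdown/Spectre fixes.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Entries that correspond to the flaws discussed in this article.
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status: str) -> str:
    """Map the kernel's status string to a patch verdict."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def audit(sysfs_dir: Path = SYSFS_DIR) -> dict:
    """Return {flaw: (verdict, raw status)} for each flaw in FLAWS."""
    report = {}
    for flaw in FLAWS:
        try:
            raw = (sysfs_dir / flaw).read_text().strip()
        except OSError:
            # No entry: the kernel predates the fixes or this is not Linux.
            report[flaw] = ("unknown", "no sysfs entry")
            continue
        report[flaw] = (classify(raw), raw)
    return report

def needs_patching(report: dict) -> list:
    """Flaws that are unmitigated or whose status cannot be read."""
    return sorted(f for f, (v, _) in report.items() if v in ("vulnerable", "unknown"))

def constructed_sample() -> Path:
    """Build a fake sysfs tree with constructed status strings."""
    d = Path(tempfile.mkdtemp())
    (d / "meltdown").write_text("Mitigation: PTI\n")
    (d / "spectre_v1").write_text("Vulnerable\n")
    return d  # spectre_v2 deliberately missing, as on an unpatched kernel

if __name__ == "__main__":
    target = SYSFS_DIR if SYSFS_DIR.is_dir() else constructed_sample()
    rep = audit(target)
    for flaw, (verdict, raw) in rep.items():
        print(f"{flaw:11s} {verdict:13s} {raw}")
    print("needs patching:", needs_patching(rep))
```

A missing entry is treated as needing attention because kernels without the fixes do not expose this directory at all.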
Of utmost importance, have a strong IT team well-versed in ransomware prevention tactics. If not 100% confident in your IT resources, contract with a Managed Service Provider with broad cybersecurity experience. For any business owner, the worst time to realize weakness is after you’ve had a data breach or received a ransom note.
Follow these best practices to protect your company’s data and prevent expensive downtime.
Ensure OS updates are current for all users, validate anti-virus licenses are current and set to install real-time updates, implement spam blockers, and verify the strength of your firewall. If possible, attempt to hack into your own system to test security processes. Required scheduled maintenance is preferred, as it makes it less likely your company will fall prey to workers who ignore repeated desktop update alerts.
Verify back-ups are stored off-line and are in no way connected to shared network files that can be infected by a network virus.
Backup files won’t help if there is no plan in place to restore operations and no knowledge of how long it will take to execute.
Require employees to participate in education regarding your company’s cybersecurity protocols, recognizing hacker phishing attempts, potential business and personal impact of a cyber-attack, and the importance of diligence with system updates on a regular basis.
Now is the time to evaluate current security protocols for infrastructure vulnerabilities. Even if you have in-house technical staff, consider engaging an IT vendor offering Ransomware Protection Strategies in Maryland to protect your business from Meltdown, Spectre, and the next new threat that’s waiting around the corner.