An overview of what IT and Business Professionals need to know about the Spectre and Meltdown chip flaw.
2017 was a turbulent year for IT departments everywhere (Looking at you, Security).
Ransomware and malware attacks increased rapidly from the year before, and the mainstream media went into a merciless frenzy as the NHS, public service and commercial sectors were affected. It’s safe to say that many IT operations, security and service delivery teams were glad to see the back of 2017, and the security challenges, long hours and stress the year had brought with it.
Spectre and Meltdown Vulnerabilities and Patches Explained.
Hopefully, everyone took a well-deserved break over the festive period. 2018 has arrived with a cybersecurity vengeance in the form of the Spectre and Meltdown CPU vulnerabilities. IT media outlet The Register was early to announce the problem, on January 2nd 2018. This was followed by worldwide coverage by major media as the scale and security consequences of this major chip flaw became widely understood. At the time of writing, the issue had been found in Intel, AMD and ARM processors, therefore affecting ‘virtually all’ computers. The problem has been dubbed the ‘worst CPU bug’ ever found.
Interestingly, the discovery of the vulnerabilities was made by Google’s Project Zero team back in 2017, as reported by The Guardian. Chip manufacturers were aware they had issues and had been working on product patches and solutions before the vulnerabilities hit the public news. So, there’s good news and there’s bad news. Good news: there ARE patches available. Bad news: fixing problems with CPUs is never going to be easy, so patches, particularly these early and rushed releases, may come with negative side effects for your business and affected devices.
The vulnerability, the patch and the side-effect.
Meltdown is considered to affect primarily Intel processors dating back to 1995. The exploit could allow hackers to access sensitive company information. The patch for Meltdown changes the way the operating system handles memory, to ensure that data can’t be stolen or corrupted within the CPU itself. Many reports indicate that applying the patch to an affected device could reduce the performance and speed of the updated machine by as much as 30%, with Intel’s own report suggesting a reduction of between 2 and 25%. It was announced on 23rd January 2018 that Intel had asked users to stop installing some of its patches after it investigated the cause of the patches slowing down computers. Senior figures in the Linux community have called for better handling of the resolution, have pushed Intel for a permanent, more effective solution than patching the existing software, and have urged it to make long-lasting changes to the underlying physical design of Intel’s products.
Spectre affects Intel, AMD and ARM processors. It can result in data being extracted through the manipulation of the applications and data services running on the device. Industry analysts suggest that although Spectre is harder for hackers to exploit, it is just as complex to resolve. Installing the patch has reportedly left some devices failing to start. Microsoft has recently asked users and administrators to stop applying the patches AMD had issued for its own chips, due to the inflow of reports that machines had stopped working, giving it time to issue a revised patch.
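The patches described above can be partially applied, pulled back or simply not yet active on a given machine, so the first thing an administrator wants is a way to confirm what each host actually reports. Since January 2018 the Linux kernel has exposed one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2), each holding a line such as "Not affected", "Mitigation: PTI" or "Vulnerable". The script below is an added example, not code from the original post or from any vendor; it classifies those lines and falls back to a constructed sample when the directory is absent (non-Linux or an unpatched kernel).

```python
"""Report which Spectre/Meltdown mitigations a Linux host says are active."""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample (not captured from a real host): an Intel machine where the
# kernel page-table isolation patch for Meltdown is active, Spectre v1 is
# mitigated in software, but the Spectre v2 mitigation is missing.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
}


def classify(line: str) -> str:
    """Map one sysfs status line to not_affected / mitigated / vulnerable / unknown."""
    text = line.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(directory: Path = SYSFS_DIR) -> dict:
    """Return {issue: status line} from the live sysfs tree, or {} if it is absent."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}


def unmitigated(statuses: dict) -> list:
    """Sorted names of the issues the kernel reports as still exploitable."""
    return sorted(name for name, line in statuses.items()
                  if classify(line) == "vulnerable")


if __name__ == "__main__":
    # Use the real sysfs tree when present, otherwise the constructed sample.
    statuses = read_sysfs() or SAMPLE
    for name, line in sorted(statuses.items()):
        print(f"{name:12s} {classify(line):12s} {line}")
    print("still vulnerable:", ", ".join(unmitigated(statuses)) or "none")
```

A host that shows "Vulnerable" for spectre_v2 after the updates have been rolled out is the case the post describes: the microcode or kernel part of the fix was withdrawn or never reached that machine.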
So, what does this mean?
It means huge challenges for organisations, businesses and individuals (both workers and consumer users) everywhere and in every sector.
Although industry analysts are confident there has been no exploitation of this vulnerability to date, there is no complete guarantee that this is the case. Exposed vulnerabilities as big as Spectre and Meltdown aren’t ignored for very long; cybercrime has proliferated past the traditional ‘basement-hacker’ to organised cyber-criminal groups and rogue state-sponsored cyberattacks.
The lack of confidence in the effectiveness of the patches is not reassuring for organisations, business owners and IT personnel. As well as staying up to date with what cloud and IT service providers are announcing, there are gaps in security between now and the arrival of an effective patch that need to be considered.
Are there any quick wins? Any way around the situation? What can be effective?
There are actions you can take today to reduce your risk from the current threats, before and in conjunction with cautiously reviewing and applying the chip manufacturers’ advisories, guidance and patch releases across your technology infrastructure.
Typically, cyber exploits are likely to first manifest on endpoint devices such as desktop clients, and on server infrastructure located on premise, in data centres or in the cloud. As a result, your organisation may want to quickly implement additional security layers to reinforce your overall IT security strategy.
Security vendors and solutions providers are now delivering relatively straightforward, non-invasive and non-disruptive technologies that work alongside an organisation’s existing data security investments to protect it from the unforeseen security vulnerabilities that we are now regularly experiencing.
Nowcomm suggests implementing solutions that give you visibility of what’s happening across your network devices. Security solutions delivered in a cloud and “as a service” model add extra strength to traditional security policies and investments such as Firewalls, Intrusion Prevention and Anti-Virus.
Firstly, they complement the existing environment and don’t need to replace current systems. Additionally, they are vendor agnostic, so organisations don’t get locked into a single vendor. Being cloud-based means they are effective before the attacks hit your organisation – the security model looks at traffic and requests in the cloud or at the internet level, so organisations can take load off their current on-premise solutions. They are agnostic of the application or device location, so you benefit from protection whether your laptop is within the four walls of the office or in the hotel on your family holiday – policies are enforced everywhere and at all times. The same is true of your applications, whether they are on a cloud platform or in your own on-premise or hosted data centre.
Such innovations enable mobile workers to roam the internet on corporate devices safely, with our security solution lying at the forefront of your network’s multi-layered security strategy. With the best will and security strategy in the world, the evolution of modern malware means it’s harder to detect malicious traffic when it tries to enter your network – however this doesn’t mean you can’t immediately and automatically shut down the communication between the exploit and the attacker, rendering the exploit useless.
Enhance the integrity and security of your devices and platforms with an effective malware protection service that complements your existing portfolio of anti-virus solutions. Additionally, connect to and utilise a leading threat intelligence organisation, such as Talos. This organisation collects and analyses information about malware, developing threats and possible unknown zero-day attacks against your network, equipping your organisation with the knowledge and tools to counter emerging threats.
Technology touches every part of our life and comes in the form of many different devices, applications and services. There is no single or combined security software or device that will definitively stop your organisation’s systems or users from being infected or breached by a cyber exploit (and immediately be cautious if you are ever told it is possible).
What is certain is that cyber threats and attacks will continue to expand and touch our ever-connected ways of working, communicating and sharing data. Some exploits may not only impact the systems and solutions we have deployed as a business, but may also put your organisation in breach of applicable industry and statutory guidance and legislation (examples include the Data Protection Act, FCA regulations, Basel II and the future Basel III, the European GDPR legislation to be introduced in May 2018, Sarbanes-Oxley and so on).
Therefore, security flaws of the kind regularly identified each year, like Meltdown and Spectre, could expose an organisation to the cost of data loss and data breaches (including the reputational and ongoing business damage this may incur), and lead to large fines and regulatory investigations.