What are Meltdown and Spectre and How Can You Protect Your Business from Them
Just under a week into the New Year and the world is already experiencing the first critical vulnerability in 2018.
Researchers have discovered two security vulnerabilities that collectively affect most modern chips made by Intel, AMD, and ARM. If exploited, a hacker could potentially steal data from the breached machine ranging from emails and browsing data to login credentials.
So, what are these vulnerabilities and what steps can you take to protect your business network from them?
The Vulnerabilities – Meltdown and Spectre
Meltdown and Spectre are the names given to these two separate CPU vulnerabilities. Meltdown specifically affects Intel chips used in desktops, laptops, and servers. Spectre potentially affects Intel, AMD, and ARM chips in computers, laptops, smartphones, and tablets. According to reports, these vulnerabilities are OS-agnostic, so they potentially affect Windows, Apple, Linux, and Google products and systems.
Both vulnerabilities are related to how processes interact with memory in a computer’s kernel. In a nutshell, from our partner KnowBe4:
“Meltdown breaks the isolation between the user app and the OS, so the app can do a memory dump and steal any data in it. Spectre goes further. It breaks the isolation between apps. It's harder to exploit but harder to mitigate.”
For a deeper dive into the issue, here's some insight from our friends at CyberShark:
"What’s at the heart of these vulnerabilities is that a successful attack will provide read access to unencrypted data in CPU registers (memory). The attack exploits the speculative computations that processors perform in an attempt to speed up overall workload throughput. It means that the processors have access to unencrypted data in registers and the attacks are able to prey on the way these speculative computations work and thus gain access to the unencrypted data as well. These are called “side channel” attacks."
These are serious vulnerabilities with potentially devastating consequences.
How Can I Protect My Business Network from Meltdown and Spectre
Fortunately, the technology industry at large has known about these vulnerabilities longer than the public, so there are already some ways you can mitigate their potential impact.
Apply Available Patches
Microsoft has already released an emergency update. Apple and Google have said that some mitigations are already in place for their devices that have the most recent updates with more on the way. There are reports from several sources noting a performance impact related to applying some of the Meltdown/Spectre patches. The impact seems to vary based on a number of factors and real-world data is still being collected.
Intel has now updated its guidance to recommend that, for the time being, users stop deploying current versions of its chip patches because of reboot issues.
However, because of the nature of these vulnerabilities there’s a laundry list of other updates that should also be considered. For example, firmware updates should be applied when they become available from their respective vendors. Browsers, such as Google Chrome and Safari, will need to be updated when patches are available. It’s also reported that antivirus software will need to be up to date to allow patches like the one from Microsoft to be applied. And the list goes on.
Make sure that you are getting your patches from official, legitimate sources. Security experts have already found sites offering fake Meltdown/Spectre patches that instead lead to malware.
Hopefully you have an inventory of all your hardware and up-to-date patch currency for all your systems. If not, consider having a trusted partner like Kelser conduct a vulnerability scan for you. This can provide you with a snapshot of the state of your patch currency within your environment as well as other potential vulnerabilities at your organization.
But even with a detailed inventory and your patch currency in hand, this could be a daunting task depending on your environment. For some IT departments, it could take hours upon hours of your work week to get all your various systems patched in a time frame that minimizes your potential exposure. If you find yourself overwhelmed at the prospect of tackling this patching in a timely manner, you may want to reach out to a technology partner to handle this for you. For example, Kelser’s managed services such as desktop management and mobile device management handle the patch currency of your devices, among other things, for you. This frees you up to do what you (and your department) do best.
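For Linux machines in that inventory, the kernel reports its own Meltdown/Spectre status, which gives a quick check of patch currency per host. The script below is an added example, not part of the original article: it assumes kernels that expose status files under /sys/devices/system/cpu/vulnerabilities/, and the host names and status strings in the sample inventory are constructed.

```python
# Added example: classify Meltdown/Spectre status lines in the format Linux
# exposes under /sys/devices/system/cpu/vulnerabilities/ (one file per issue).
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one status line to OK, ACTION or UNKNOWN."""
    if status is None:
        return "UNKNOWN"  # file missing: kernel does not report this issue
    text = status.strip()
    if text.startswith(("Not affected", "Mitigation")):
        return "OK"
    if text.startswith("Vulnerable"):
        return "ACTION"  # includes partial states such as "Vulnerable: ..."
    return "UNKNOWN"


def read_local(base=SYSFS_DIR):
    """Read this machine's status files; a missing file becomes None."""
    return {i: (base / i).read_text() if (base / i).is_file() else None
            for i in ISSUES}


def audit(inventory):
    """Return {host: {issue: verdict}} for every host that is not fully OK."""
    findings = {}
    for host, statuses in inventory.items():
        verdicts = {i: classify(statuses.get(i)) for i in ISSUES}
        open_items = {i: v for i, v in verdicts.items() if v != "OK"}
        if open_items:
            findings[host] = open_items
    return findings


# Constructed inventory: hypothetical host names, sample status strings.
SAMPLE = {
    "web01": {"meltdown": "Mitigation: PTI\n",
              "spectre_v1": "Mitigation: __user pointer sanitization\n",
              "spectre_v2": "Mitigation: Full generic retpoline\n"},
    "db01": {"meltdown": "Vulnerable\n",
             "spectre_v1": "Mitigation: __user pointer sanitization\n",
             "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n"},
    "legacy01": {},  # old kernel: no status files collected
}

if __name__ == "__main__":
    for host, items in audit(SAMPLE).items():
        print(host, items)
    print("localhost", audit({"localhost": read_local()}))
```

A host reported as UNKNOWN has not been shown to be safe; it needs a kernel update before its status can be read this way.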
Employ Cybersecurity Best Practices
According to sources, malware of some kind would still need to be present on the vulnerable machine to fully carry out the data-theft scenario. That means following cybersecurity best practices to prevent malware from infecting your systems can help mitigate the potential damage from these vulnerabilities. Up-to-date patching, employee cybersecurity awareness training, DNS-based protection, a NextGen firewall, and NextGen malware protection are just a few of the layers in a comprehensive cybersecurity solution.
Much like with continued patching, a robust cybersecurity program can potentially be challenging (and costly) to handle in-house. Instead, you may want to consider leveraging a proven cybersecurity partner to implement a Cybersecurity-as-a-Service solution for your organization. At Kelser, we believe that we truly have the most robust Cybersecurity-as-a-Service offering available - we call it Defend Forward. It’s a simple, cost-effective way to defend your organization’s network, data, and reputation.
Take Action to Protect Your Business
Meltdown and Spectre are alarming vulnerabilities present in many of the products that businesses rely on daily. However, there are steps you can take to protect your organization from the damage they could cause. Staying on top of your patch currency and employing cybersecurity best practices can help protect your organization not only from Meltdown and Spectre but potentially from whatever other cybersecurity vulnerabilities 2018 may have in store.
Looking to conquer your technology challenges in 2018? We’re here to help – please feel free to reach out to us any time to discuss your challenges and how we can work alongside you to enable your business success.
Update - 1/8/18: Added detailed vulnerability insight from CyberShark.
Update - 1/16/18: Added additional updated information related to patching.
Update - 1/23/18: Added new information from Intel about patching guidance.