We began 2018 with a real scare: Meltdown and Spectre, two serious vulnerabilities in the processors used by the vast majority of mobiles, computers and tablets in the world. And as if that weren’t enough, we’re going to finish the year with the same sensation.
The findings of nine academics are to blame here: last month they discovered the existence of seven new cybersecurity attacks via processors. Of these seven, two are variations of Meltdown, while the other five are variations of Spectre. According to the researchers, the vulnerability in this second case even managed to gain access through applications that were classified as safe.
Why is Spectre so dangerous?
Every cybersecurity vulnerability always entails a wide array of risks, but Spectre has several characteristics that make it particularly dangerous.
1.- Large scope. This vulnerability affects Intel, AMD and ARM processors, which make up a huge market share of processor manufacturers. In fact, Spectre affects computers that use Windows, macOS and GNU/Linux, while on mobiles it can affect both Android and iPhone systems. What’s more, Spectre also affects on-premises servers and cloud servers. With this range of options, there are very few devices that are not affected.
2.- Possibilities of attack. If a cybercriminal exploits Spectre and gains access to a computer, even if they don’t have administrator permissions, they will be able to read the memory of any kind of process running on the victim’s operating system. They will also be able to steal a litany of information: credentials, emails, photos, a company’s confidential documents, among many, many others.
3.- Users… And companies. There are certain cybersecurity vulnerabilities that affect companies more than anyone else, since they use attack methods that work better on corporate IT structures. In the case of Spectre, however, we’re all within reach, regardless of whether we’re a company or a totally isolated user, since the affected processors can be inside any kind of device.
4.- Now it’s up to the users. When these vulnerabilities, which affected even recently developed computers, were discovered at the start of the year, every large company launched updates for their operating systems so that users and companies could apply a patch to avoid possible attacks. It is clear, however, that not everyone who was potentially affected heard the news, and even if they did, they may not have known to update their computers in order to avoid cybersecurity problems.
5.- Its activity is exponential. Spectre was discovered eleven months ago by Jann Horn and Paul Kocher, and so both the existing vulnerabilities and ways to exploit them have had time to spread. What’s more, upon accessing the memory of a device, Spectre can lead to new vulnerabilities, which means that the scope of possible cybercriminal activities using this route can be exponential.
In 2019 it will only grow
The trend of Spectre throughout the year is so clear that at Panda Security, we are convinced that it is not a transient, one-off situation. In our 2018 PandaLabs Report, we predict that next year, new vulnerabilities similar to Meltdown and Spectre will be discovered.
What’s more, in these two cases we see the same twofold situation: on one hand, until this year vulnerabilities like these hadn’t received as much research as vulnerabilities in other kinds of applications; on the other hand, their potential risks have caused quite a stir among researchers. If we put these two situations together, the outlook is clear: there will probably be more vulnerabilities like this, with the consequent risk that functional exploits will be developed that may end up in the hands of cybercriminals.
How to fight Spectre
Given the evolution of Spectre, it is impossible to overstate the predictions. Companies that want to protect their corporate cybersecurity must therefore design a series of action protocols based on two pillars:
1.- Updated workstations. Updating the operating system is a good way of reinforcing it against cybercriminals. But in the case of Spectre, updating isn’t optional: rather, it is an obligation, since all the developers that have been affected have launched all kinds of patches to protect computers’ IT security. With Panda Patch Management you will have the security of always having the relevant patches installed. Our solution provides visibility of endpoint health in real time, in terms of vulnerabilities, patches or pending updates, and unsupported software (EoL), reducing the risks.
2.- Advanced cybersecurity solutions. Human action is essential, but never definitive, so companies must have cybersecurity solutions that are constantly monitoring what is happening on the network and on corporate devices. In this sense, Panda Adaptive Defense not only controls the permissions that each program has, guaranteeing that only trusted people have access, but it also evaluates in real time all running processes to act against possible vulnerabilities.
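On GNU/Linux workstations, the first pillar can be verified as well as applied. The following is an added example, not part of the original article or of any Panda product: it reads the status files that patched Linux kernels expose under `/sys/devices/system/cpu/vulnerabilities` and flags every entry that is not fully mitigated. The function names, labels and exit codes are this example's own choices.

```shell
#!/bin/sh
# Added example: audit CPU vulnerability mitigation status on Linux.
# Patched kernels write one status line per issue (meltdown, spectre_v1,
# spectre_v2, ...) into this sysfs directory.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status "<status line>" -> OK | PATCHED | PARTIAL | VULNERABLE | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)                echo OK ;;
        # A mitigation can be active while part of the CPU stays exposed,
        # e.g. a line ending in "SMT vulnerable".
        "Mitigation:"*[Vv]ulnerable*)   echo PARTIAL ;;
        "Mitigation:"*)                 echo PATCHED ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# audit_cpu_vulns [dir] prints "name<TAB>label<TAB>raw status" per entry.
# Returns 0 if every entry is OK or PATCHED, 1 if any needs attention,
# 2 if the directory is missing (kernel without the interface).
audit_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no vulnerability status directory at $dir" >&2
        return 2
    fi
    audit_rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        raw=$(cat "$f")
        label=$(classify_status "$raw")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$label" "$raw"
        case "$label" in
            OK|PATCHED) ;;
            *) audit_rc=1 ;;
        esac
    done
    return "$audit_rc"
}

# Run the audit only when invoked as: sh check.sh --run
if [ "${1:-}" = "--run" ]; then audit_cpu_vulns; fi
```

A non-zero exit code makes the script usable from a fleet-management or monitoring job that should alert on unpatched endpoints.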
In a 2019 predictably marked by a significant increase in catastrophic vulnerabilities in processors, it is of vital importance that companies and institutions protect their cybersecurity. This is the only way they can avoid being victims of a new Spectre or Meltdown.