For the past week, the news has been filled with mentions of Meltdown and Spectre. These ominous names were given to two separate hardware vulnerabilities
discovered in millions of the processors used not only in personal devices (e.g. laptops and tablets) but also in the servers behind business-critical
While the situation is dire, the key to avoiding a Meltdown or Spectre attack against your company is education. Knowing how the vulnerabilities work and how they affect the hardware devices and cloud services your business relies on will help you protect against these specific cyberattacks.
Why Meltdown and Spectre are so scary
Using the most basic terms, hackers can use Meltdown or Spectre attacks to bypass the barriers between software and hardware to take control of your devices. Because both Meltdown and Spectre attacks target hardware vulnerabilities, the fix must be physical rather than virtual. For example, hackers are always looking for a way to get into your devices through vulnerabilities in the software you use because software is virtual—the hacker does not need physical access to your device. But if hackers find a way to exploit a previously-unknown vulnerability in a software application, then the software developer can release an update to the software that instantly negates the vulnerability.
However, the Meltdown and Spectre vulnerabilities are physical because hackers can exploit a flaw inside the hardware of a computing device. So that means these cyberattacks are more difficult to fix without replacing the hardware inside a laptop or server. Spending your already-limited IT budget just to replace every desktop, laptop, and tablet in your company is obviously not a realistic solution. Even if you did replace all of the laptops used at your company, the vulnerabilities also affect the servers that deliver cloud services to your laptops—and those cloud-based servers are out of your control.
What devices are affected
When combined, the Meltdown and Spectre attacks exploit hardware vulnerabilities found in basically every modern computing device. That includes smartphones, tablets, and cloud servers from all vendors and running almost any operating system.
Meltdown affects Intel processors manufactured since 1995. So, any PC or Mac you purchased in the past twenty years is vulnerable to a Meltdown attack. There is some good news here, as not all Intel chips are affected. The bad news is that those excluded from Meltdown are the high-end (and discontinued) "Itanium" and low-end "Atom" tablet processors.
The hardware vulnerability behind Spectre affects processors made by Intel along with AMD (although AMD claims there "is near-zero risk to AMD products at this time"). Not only are all PCs and Macs affected by Spectre, the mobile devices such as Android and iOS smartphones and tablets that use processors designed by ARM are also at risk. The good news here is that Spectre is harder for hackers to exploit.
How you can protect your business against Meltdown and Spectre
Most companies with either hardware or software affected by Meltdown attacks have acted quickly to mitigate their effects. Top cloud vendors Microsoft, Amazon, and Google have all applied patches to the Linux and Windows operating systems to make it difficult for hackers to even attempt a Meltdown or Spectre attack against their services. So, if your business has Microsoft Office 365 or cloud-based email such as Outlook or Gmail, then your risk for Meltdown or Spectre attack affecting them is minimal.
To avoid Meltdown or Spectre attacks against the devices used by individuals at a company, whether provided by the company or part of a bring your own device (BYOD) plan, you must apply software patches immediately:
- For Microsoft Windows devices – Install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for detailed patch installation instructions and background information for IT professionals
- For Apple macOS devices (e.g. Apple MacBook and iMac) – Click the apple icon in the top left of your desktop menu, select About This Mac, and check if your version number reads "macOS 10.13.2" or greater. If not, then click the Software Update button to install the security patch
- For Apple iOS devices (e.g. Apple iPhone and iPad) – Go to Settings > General > Software Update to install the iOS 11.2 update with the appropriate security patch. Read the Apple Support bulletin for more details
- For all Google products (e.g. Chrome browsers and Android devices) – Instructions for installing various updates are available in a Google Security Blog post
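For IT staff who need to apply the list above across many devices, the following added example (not part of the original article) sorts a device inventory into patched, unpatched, and unknown using the minimums stated in the list. The inventory field names and sample devices are hypothetical, and judging Windows by the date of the last installed security update is an assumption; platforms for which the list gives no version are reported as unknown.

```python
from datetime import date

# Minimums come from the list above; the inventory field names are assumptions.
MIN_VERSION = {"macos": (10, 13, 2), "ios": (11, 2)}
WINDOWS_UPDATES_RELEASED = date(2018, 1, 3)

def parse_version(text):
    """'10.13.2' -> (10, 13, 2), so 10.9.5 sorts below 10.13.2 (as strings it would not)."""
    return tuple(int(part) for part in text.strip().split("."))

def is_patched(device):
    """True/False against the minimums above; None when the article gives no
    minimum for the platform or the record is unusable."""
    try:
        platform = device["platform"].lower()
        if platform == "windows":
            # Assumption: a security update installed on or after the release date.
            installed = date.fromisoformat(device["last_security_update"])
            return installed >= WINDOWS_UPDATES_RELEASED
        if platform in MIN_VERSION:
            version, minimum = parse_version(device["os_version"]), MIN_VERSION[platform]
            width = max(len(version), len(minimum))  # pad so 11.2 == 11.2.0
            pad = lambda v: v + (0,) * (width - len(v))
            return pad(version) >= pad(minimum)
    except (KeyError, ValueError, AttributeError):
        pass
    return None

def triage(inventory):
    """Group device names into patched / unpatched / unknown."""
    report = {"patched": [], "unpatched": [], "unknown": []}
    for device in inventory:
        status = is_patched(device)
        key = "unknown" if status is None else "patched" if status else "unpatched"
        report[key].append(device.get("name", "<unnamed>"))
    return report

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    {"name": "mac-finance-01", "platform": "macOS", "os_version": "10.13.2"},
    {"name": "mac-design-02", "platform": "macOS", "os_version": "10.9.5"},
    {"name": "iphone-ceo", "platform": "iOS", "os_version": "11.2"},
    {"name": "ipad-lobby", "platform": "iOS", "os_version": "11.1.2"},
    {"name": "win-hr-03", "platform": "Windows", "last_security_update": "2018-01-09"},
    {"name": "win-lab-04", "platform": "Windows", "last_security_update": "2017-12-12"},
    {"name": "pixel-sales", "platform": "Android", "os_version": "8.1.0"},
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Devices that land in the unknown group still need a manual check against the vendor instructions referenced in the list.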
Installing these software patches will help mitigate potential Meltdown and Spectre attacks against your company, but the only fix that will 100% stop the attacks requires the various hardware vendors to redesign their processors. Hardware redesigns take time, so don't expect to replace your laptop or tablets with these new secure devices in the next year or two.
Choose Amaxra to help you get secure and stay secure
Because you can't replace all of your hardware, education is key to mitigating the risk of Meltdown and Spectre. Amaxra can help you with employee training, securing your business systems, and other protections to make sure you don't get hacked and the personal information of your customers stolen from you.
Email firstname.lastname@example.org or call 425 749 7471 today to connect with one of our cybersecurity experts.