The Good, The Bad and The Ugly about Meltdown and Spectre

Cybersecurity gets more complicated by the hour. The latest cyber-threats recently deemed “Meltdown” and “Spectre” have the potential for epidemic status. In this article, I hope to explain the ramifications of the cyber-threats in non-technical terms for all to understand and prepare for. Before I can break down the news, it will help if you understand the basics of how the exploit works.  In the most general terms, this exploit can allow access to the kernel memory of your CPU (also known as “chip,” these are the brain of each and every computer out there including the one you are reading this article from).  Essentially, this makes every IoT (Internet of Things) device vulnerable to this exploit.  The potential for data breach via this exploit is present.  When it comes to news about the latest vulnerabilities, we can break it down into the good, the bad and the ugly.

The Good News

Surprisingly, there is some good news.  First, as of this writing, there have been no reported data breaches due to this exploit.  At least 4 independent cybersecurity researchers reported this exploit in 2017.  Microsoft recently made information about the vulnerability public as it started to roll out a patch to counteract these threats.  Second, the patch is coming in the next few days or weeks.  Third, this is not WannaCry so it is not going to spread across the globe in a matter of hours. The nature of this vulnerability is very complicated to exploit.  Fourth, information is still trickling out about Meltdown and Spectre so the full ramifications are not yet known.

The Bad News

When it comes to bad news, there is quite a bit.  First, because the vulnerability is found in the CPU, it is widespread across all IoT devices.  Every IoT device has a CPU.  You are currently reading this from a device that is vulnerable.  The ramifications of this could reach epidemic status. Second, as the information about this vulnerability gets spread, cyber-criminals ability to exploit it will evolve.

The Ugly News

The ugly news involves the patch itself.  First, the patch will likely change the performance of your computer.  One researcher predicts an approximate 20% drop in speed due to the way CPU’s access data.  Second, incompatibility issues exist between the patch and antivirus programs. The “Blue Screen of Death” has occurred to devices where the incompatibility exists.  Loss of data often occurs as a result.

Recommendations:

1.  Call for Backup!

If you don’t already have your data backed up somewhere, please make sure you do before you patch.  The cost of backup rarely exceeds the cost of data loss. After a blue screen of death occurs, data recovery gets much more time consuming and cost prohibitive.

2. Patch management.

We minimize your worries about patching by testing the patches before we apply them.  We only schedule the patches to occur after we are confident that they are safe.  Also, we can roll out the patches on individual devices to prevent site-wide outages.

3. Hire A Better Choice Network Solutions

Cybersecurity is getting more complicated every day.  Keeping up with the latest exploit and vulnerability is our job.  Securing your business against the threat of cyber-criminals is our passion.  Call A Better Choice Network Solutions now at (813) 605-7251 for a free consultation.

If you are interested in more technical information about how Meltdown and Spectre work, check out this article on wired.com.

 

Be sure to follow us on FacebookTwitter, and LinkedIn for updates and news on cyber-security and technology.



2 Comments

Leave a Reply