Two new cybersecurity threats have been reported this week.
Codenamed Spectre and Meltdown, the vulnerabilities apply to virtually every modern computer and operating system we know. Despite this scale, don’t be alarmed by hyped reports yet - there are steps you can take to protect your business.
Researchers working on Google’s Project Zero discovered the serious security flaws, which lie within a piece of hardware in your computer.
The Central Processing Unit (CPU) is a vital part of your computer - the ‘brain’ of your machine.
Meltdown is an issue with Intel processors manufactured since 1995, while Spectre affects more modern processors built by Intel, AMD and ARM.
These names represent virtually all processors manufactured and used in modern computers, laptops and mobile devices.
Should I Be Worried?
These vulnerabilities could be leveraged by hackers to access your machines and steal sensitive data, including financial data, personal customer details, passwords and any other confidential business data.
The story has gained traction for its global scale. Researcher Daniel Gruss, part of the team who originally discovered the vulnerabilities described Meltdown as ‘probably one of the worst CPU bugs ever found’.
That being said, at time of writing there has been no known impact and no exploitation has been reported, so some intelligent security steps should keep you protected.
What Do I Need to Do?
The simplest and most effective thing anyone can do now is ensure your machines are up to date with the latest operating system updates and keep an eye out for specific patches issued by your manufacturer and your operating system administrator.
You should also reach out to your hosting provider and ask them if you are affected, particularly if you rely on a smaller provider.
This is a hardware flaw impossible to have been predicted, but it does highlight the need for robust security protocols.
A strong network infrastructure and regular security reviews mitigates any ongoing risk of breaches. Make sure your systems are malware-free and regularly updated with the latest security patches, and monitor your systems for any abnormal activity.
Consider moving to a large-scale service provider such as Amazon Web Services for reassurance that any vulnerabilities that arise in the future will be quickly dealt with.
For now, no high impact exploitations have been reported so there’s no need to panic.
We'll update this piece as the story develops.
Update - 18/01/2018
Discerning Digital DevOps Engineer James Brown offers this on the latest developments on this story:
"Reports are surfacing that patches are impacting on performance and slowing down machines by as much as 30% in some cases. Unfortunately, this is to be expected and installing patches is still the recommended course of action, to plug the issues and keep your systems secure.
"We're also hearing reports of people downloading fake patches that can open your machine up to further harm. The only fix you should install should be issued by your supplier or manufacturer, and ignore any suspicious emails or social media links."