Why Are Meltdown and Spectre Such A Big Deal for Enterprises?
Apr 18, 2018 | 42Gears Team
IT departments across the world were in shock when Meltdown and Spectre hardware vulnerabilities were discovered. These are the names of vulnerabilities that affect most computer chips manufactured in the last two decades. Essentially, they expose critical vulnerabilities in modern processors to malicious programs for data theft. Malicious programs can use Meltdown and Spectre to capture sensitive corporate data stored in the memory of running programs such as passwords, photos, emails, messages and even business-critical documents. Meltdown and Spectre can affect personal computers, mobile devices, and even the Cloud.
Meltdown and Spectre are prompting security experts to predict that malicious actors will be quick to incorporate the microprocessor exploits into their cyberattack arsenals. This is undoubtedly an alarming development as the exploits make it easier for attackers to obtain domain administrator details or other high-value credentials. They also help attackers build a map of kernel memory layouts, which in turn could be used for further attacks.
Understanding Meltdown and Spectre in Detail
Meltdown is a vulnerability specific to Intel processors. It creates cache loads in locations as per content illegally referenced by the kernel memory, allowing user processes to capture the contents.
On the other hand, Spectre is not manufacturer specific. It makes use of conditional logic to teach the system to anticipate application behavior incorrectly. Spectre basically constitutes a covert channel by tricking the system to break process isolation, and temporarily implement instructions that generate observable effects. This flaw can affect nearly all modern processors.
What Enterprises Need to Know About Meltdown and Spectre
The memory access provided by Meltdown is the most immediate threat to enterprises. Meltdown also makes it easier for attacks such as Rowhammer, which carries out a specific sequence of memory operations to flip memory bits. Meltdown allows attackers to exploit vulnerabilities that were previously moderated by kernel address space layout randomization (ASLR), putting enterprise security in jeopardy. But thankfully, Meltdown is fixable with software updates. Intel, Microsoft and Apple have developed operating system-level fixes for Meltdown for Linux, Windows and macOS respectively. Without patching systems, the data viewed, processed or transferred by an organization is at risk.
Unfortunately, Spectre cannot be fixed with software updates, making it a far bigger problem for enterprises. The risk of Spectre can only be minimized with microcode updates. Enterprises should also recompile in-house applications with the help of Retpoline, a binary modification technique introduced by Google that protects against branch target injection attacks.
The nature of the software updates required to fix Meltdown and Spectre can affect the performance of enterprise computer systems. Multi-tenant systems and applications that rely mainly on kernel-level system calls are suspected to be most affected. Thankfully, the impact is less likely to occur on enterprise desktops, laptops, mobile phones and tablets that run user-focused applications such as word processing software, messaging apps and web browsers.
How to Safeguard Against Meltdown and Spectre Security Flaws
Close Web Browsers – Apart from sending patches for operating systems, enterprises should also safeguard against external attacks. For example, Spectre attacks can also be run from Javascript executed by a web browser. To deal with these problems, Apple has released updates for iOS and Mac to block Spectre exploits through the Safari browser. Google has also provided a patch for Chrome.
Implement Multifactor Authentication – Enterprises should incorporate multifactor authentication to prevent attackers from stealing passwords.
Update Alternate Software – Alternate software being used on the system can also be an easy avenue for hackers to attack the Spectre CPU flaw. This can be especially worrisome for software that are deeply integrated with the operating system’s kernel. It is necessary to apply new software updates released in the coming weeks immediately, especially if the software ties with the hardware.
Keep Antivirus Active – Though traditional antivirus won’t be able to detect a Meltdown or Spectre attack, it is still necessary to ensure they are kept active. This is because attackers usually test these exploits by injecting and running malicious code on the system. Keeping security software installed and active on the system helps to keep malware and hackers off your computer.
Even after updating OS patches, there is always the chance of residual Meltdown and Spectre risks. Fortunately these risks can be mitigated by using high-quality endpoint protection solutions such as the 42Gears UEM, which can be used to ensure upgrade of OS patches, pushed automatically to devices enrolled under Purpose Built Solutions.
Get better equipped to handle Meltdown and Spectre with 42Gears UEM. Click here for free trial.