Meltdown and Spectre – How to Handle the Phishing Scam and Other Problems

The most talked-about hardware issues in the news right now are the “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715) exploits. Nearly all computers around the world are affected by one or both bugs. All the big-name software and hardware vendors such as Microsoft, Apple, and Google have been hard at work crafting a fix for this potentially damaging issue. Some patches are available while others are on the way.


Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory. Spectre steals data from the memory of other applications running on a machine. Meltdown is said to be limited to Intel, but Spectre has been exploited on ARM and AMD as well.

While programs typically aren’t permitted to read data from other programs, malicious programs could exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, including your passwords stored in a password manager or your browser, personal photos, emails, instant messages and even business-critical documents.

Meltdown breaks down the most basic of walls between user apps and the operating system. It allows a program to access the memory of other programs and take their secrets. Spectre breaks the isolation between apps, allowing hackers to trick other apps into leaking information.

What Happens to Your Data

When a modern Intel processor executes code and reaches a pre-programmed point in the algorithm where the instructions branch in two different directions, it saves time by “speculatively” venturing down these forks. In other words, it takes a guess and executes instructions to get a head start. If the processor learns that it went down the wrong path, it jumps back to the fork in the road and throws out the speculative work.

A hacker could trick a processor into letting their unprivileged code sneak into the kernel’s memory by using speculative execution. When the processor throws out the temporary data and jumps back to the fork, retrieving that data becomes difficult. The processor does, however, temporarily store this information in the computer’s cache. With some clever code and patience, a hacker could easily find and steal the data in the cache, giving them access to personal information, passwords, and more.

While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.

Now What?

As an MSP or IT Services firm, how do you handle the inevitable influx of customers calling with concerns that their systems may be vulnerable? Techies like us understand how this works and how to avoid falling prey to a scammer looking to exploit this vulnerability. But what about the average business owner? Some things to keep in mind are:

  • First, vendors like Microsoft and Google are already rolling out patches for these exploits. Some antivirus software isn’t compatible with the new patch and could become an issue for some. Also, remember that antivirus doesn’t protect against this vulnerability.
  • Second, customers may notice that some services are running slower than usual. It may not be the sign of a bigger problem. It could be a side effect of the provider taking steps to fix the problem. There have already been reports that cloud services may experience some slowdown to mitigate the issue. While it’s still too early to know exactly how significant the slowdown will be, some researchers are saying it could be as high as 30%.
  • Third, be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.
  • Fourth, Spectre has been found to affect ARM, AMD, and Apple chips, which are found inside set-it-and-forget-it Internet of Things devices like iPads and smartphones; this is where the Spectre issue might linger the longest.
  • Fifth, the information we have points to a human problem. Last summer the bugs came to light, but the news was broken suddenly this month when Google determined that someone may have been leaking the information. This happened before patches were ready, so now manufacturers are scrambling to get the fix out.
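
When a customer asks whether a Linux machine already has the patches from the first point, the kernel reports that itself. The script below is an added example, not part of the original post; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the function names and the sample status files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Patched Linux kernels report per-issue mitigation status in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> (name used in the article, CVE given in the article)
CHECKS = {
    "meltdown": ("Meltdown", "CVE-2017-5754"),
    "spectre_v1": ("Spectre", "CVE-2017-5753"),
    "spectre_v2": ("Spectre", "CVE-2017-5715"),
}

def classify(status):
    """Map a raw sysfs status line to a short verdict for a customer report."""
    if status is None:
        return "UNKNOWN"  # no status file: the kernel predates this reporting
    text = status.strip()
    if text.startswith("Not affected"):
        return "NOT_AFFECTED"
    if text.startswith("Mitigation"):
        return "MITIGATED"
    if text.startswith("Vulnerable"):
        return "VULNERABLE"
    return "UNKNOWN"

def audit(base=SYSFS_DIR):
    """Return {cve: (name, verdict, raw_status)} for the three CVEs."""
    report = {}
    for filename, (name, cve) in CHECKS.items():
        try:
            raw = (Path(base) / filename).read_text().strip()
        except OSError:
            raw = None  # missing or unreadable file is reported as UNKNOWN
        report[cve] = (name, classify(raw), raw)
    return report

def constructed_sample_dir():
    """Write constructed sample status files so the script also runs offline."""
    base = Path(tempfile.mkdtemp())
    (base / "meltdown").write_text("Mitigation: PTI\n")
    (base / "spectre_v1").write_text("Vulnerable\n")
    # spectre_v2 is deliberately left out to show the UNKNOWN case
    return base

if __name__ == "__main__":
    base = SYSFS_DIR if SYSFS_DIR.is_dir() else constructed_sample_dir()
    for cve, (name, verdict, raw) in audit(base).items():
        print(f"{name} {cve}: {verdict} ({raw or 'no status file'})")
```

An UNKNOWN verdict means the kernel is too old to report its status, which is itself a reason to schedule that machine for updates.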

Because the affected system needs malware running to use the exploit, there is still time to retrain customers on proper cybersecurity and train them on how to spot phishing scams. This issue of Meltdown and Spectre potentially will be around for a while.
