By Patrick Gebhardt • Feb 26, 2018
Spectre and Meltdown: What’s Left after Everyone Panicked for a Moment?
All these Spectre and Meltdown security risks remind me of Bill Maher jokes: you don’t know if you get them, but at least you know you’re not laughing. Maybe it’s not as dangerous as everyone thinks. Or maybe it is? What we do know is that there are now almost 140 different malware samples trying to exploit the Meltdown and Spectre processor vulnerabilities. It’s hard to determine whether this has led to concrete attacks on users; however, it is highly probable that there haven’t been any such attacks. We also know the history of the whole mess. What don’t we know? Everything else.
Almost two months after everyone with a keyboard and fingers told the internet about their fears of Spectre and Meltdown, the majority of hardware manufacturers and security researchers are still working on the issue. While manufacturers, including Intel, are busy developing and delivering patches, security researchers of all kinds are already writing exploits. The fact that not everything is running according to plan with these attempts also fits into the picture. Intel is currently being sued by more than 30 groups over the Meltdown and Spectre vulnerabilities, but instead of closing the security holes and clearing things up, Intel created additional chaos at the end of January. Because its updates caused crashes or unnecessary restarts on certain older computers, the chip giant now advises against installing them. Meanwhile, other PC manufacturers had already rolled Intel’s fixes into their own BIOS updates, and many of these vendors are now taking those updates down from their websites again. Several Linux distributions are also withdrawing their fixes.
More and More Malware, but Real Attacks Are Unknown
The nearly 140 different malware versions that are supposed to attack the vulnerabilities are based on the known proof-of-concept code and target Windows, macOS and Linux. They come from security researchers, so they were probably written for testing purposes, or from anti-virus vendors, who in turn received them from their customers. The large number of samples is explained by the fact that malware and exploit writers are busy determining whether the vulnerabilities can somehow be exploited to steal data. Realistically, you can only expect an attack via a browser, at least for now. Users should therefore always keep their browser software up to date. Other methods of attack seem to be too complex, and therefore too cost-intensive, for less well-resourced malware writers.
What Constitutes a Crime?
So I ask myself: what are we talking about here? A potential danger? Well... alright. An attack on end users and businesses? Not for the time being. Based on our current knowledge, there is no evidence of concrete attacks on users. The firewall manufacturer Fortinet, which has been alerting its users to the danger, apparently has no concrete evidence of attacks either. The company also makes no mention of foiled attacks on customers, nor are we aware of any authentic emails with malicious attachments that were sent to victims and that exploit the Meltdown or Spectre vulnerabilities.
Make Sure Your OS Is Up to Date
Intel is now expanding its Bug Bounty Program to detect and eliminate security vulnerabilities sooner. Until the end of the year, reports of so-called side-channel vulnerabilities will be rewarded with up to 250,000 US dollars; all other bugs or exploits found will be rewarded with up to 100,000 US dollars. In addition to the increased premiums, the program has also been opened up considerably. Still, Spectre and Meltdown have once again made it clear how painful technical dependence on a few suppliers can be. So what are we left with? The same advice as a few weeks ago: keep your operating system and your browser up to date. This is the best approach to combating the phenomenon of Meltdown and Spectre; if anything changes, you will hear from us immediately (and subscribing to our blog would be another smart move). Your PRTG installation will also run as smoothly as always, provided you make sure your operating system has all the latest security patches installed.