Spectre, Meltdown, and Cybersecurity

As technology becomes an ever-growing part of our daily lives, new cybersecurity threats are an inescapable growing pain. Last year, ransomware crippled healthcare organizations in Europe. This year – only a few days in – even bigger threats have been discovered that potentially affect almost every person who owns a PC or a cell phone. When businesses face a cyber-threat of this magnitude, they need experts to turn to for guidance and protection. Fortunately, Ingram Micro is the best in the business when it comes to cybersecurity, offering a security suite of services that are second to none.

What are Spectre and Meltdown?

Spectre and Meltdown exploit performance optimizations that CPUs use to run faster. For example, when a program is executed on a computer, the system has to find the right information to give to the CPU to process. This takes some time, during which the CPU would otherwise sit idle while the information is being fetched. Modern high-speed CPUs make use of that idle time by guessing what the information is going to be. Based on that guess, the CPU begins executing instructions until the system finally delivers the information it was retrieving. If the CPU guessed incorrectly, the execution is discarded, but if it guessed correctly, the user experiences a significant performance boost. This technique is called “speculative execution”.

Spectre is the process of exploiting speculative execution to reveal potentially sensitive information. Spectre tricks the CPU into guessing incorrectly on purpose and executing specific instructions in order to leak targeted data. Since the CPU is designed to treat incorrect guesses as a normal event, they are simply discarded and most likely won’t be flagged by any local safeguards.

“Out-of-order execution” is similar to speculative execution in that it makes use of idle time by executing instructions that the CPU has determined are farther along a sequence of instructions. Unfortunately, the CPU isn’t always correct, but in those cases the CPU will simply discard the information it looked up.

Meltdown is the process of exploiting out-of-order execution. Data fetched by the out-of-order execution lookup can be transmitted out of the computer system to be viewed by the public using a covert channel built into the architecture of the CPU. As such, the vulnerability is very difficult to detect.

How many systems are affected by Spectre and Meltdown?

Ostensibly, every device with an Intel, AMD, or ARM CPU is vulnerable. These chips are used by all of the major technology companies, like Apple, Google, Microsoft, Amazon, and more. Furthermore, the vulnerabilities extend to servers, which means cloud-based services, like AWS and OneDrive, are at risk, though services like these are already being patched.

Currently, there is no evidence that either of these exploits has been used in any significant way. Now that this information is publicly available, however, a rise in attacks using these methods is expected.

What protection is available against Spectre and Meltdown?

In order for Spectre and Meltdown to exploit a system, the system must first be breached and malware installed. To prevent that, run security software regularly to ensure your systems are not affected by malicious programs. Also, be vigilant about not clicking on links in phishing emails. These kinds of emails are the number one way hackers breach computer systems. Finally, make sure that all software and operating systems are up to date.

At the time of this writing, Microsoft has already created an emergency patch for Windows 10 users using version 1709 (Fall Creators Update). This patch is labeled Security Update for Windows (KB4056892). The patch can be installed automatically via the Update & Security feature in Windows or manually by visiting the Windows Update Catalog page.
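
To confirm that the update named above is actually present on a fleet, the following PowerShell function queries each host's installed-update list for KB4056892. It is an added example, not part of the original article; the function name, its parameters and the host names in the comment are assumptions made for illustration.

```powershell
# Added example: report whether a given KB appears in each host's installed-update list.
function Get-KbInstallStatus {
    [CmdletBinding()]
    param(
        # Hosts to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # KB number quoted in the article for Windows 10 version 1709.
        [string]$KbId = 'KB4056892'
    )

    foreach ($computer in $ComputerName) {
        $status = 'NotListed'
        $installedOn = $null
        try {
            # Pull the full list and filter locally, so an absent KB is an empty
            # result rather than an error that looks like a failed query.
            $hotfix = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq $KbId } |
                Select-Object -First 1
            if ($hotfix) {
                $status = 'Installed'
                $installedOn = $hotfix.InstalledOn
            }
        }
        catch {
            # Host offline, access denied, or WMI unavailable: report it, do not guess.
            $status = "QueryFailed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ComputerName = $computer
            KbId         = $KbId
            Status       = $status
            InstalledOn  = $installedOn
        }
    }
}

# Check the local machine.
Get-KbInstallStatus

# Audit several hosts (constructed placeholder names):
# Get-KbInstallStatus -ComputerName 'WS-EXAMPLE-01', 'WS-EXAMPLE-02' | Format-Table -AutoSize
```

A `NotListed` result is not proof of exposure: Windows 10 updates are cumulative, so a later cumulative update that replaces KB4056892 appears under its own KB number.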

Protect yourself and your customers with Ingram Micro IT Security

Cybersecurity is a critical part of any successful IT solution. Your success depends on delivering an integrated approach to security that resolves complex and relentlessly changing security challenges. The Ingram Micro cybersecurity team takes a systematic approach to providing services, solutions and support at every step of the security sales cycle, from professional services (including PEN testing and network assessments) to extensive licensing and marketing development groups, right through to the post-sales technical support team.

Contact us today!