Don't Have A Meltdown Over Spectre
The world has been informed of Spectre and Meltdown. Both are hardware vulnerabilities in the speculative-execution logic of modern CPUs: code running without privileges can use them to infer the contents of memory it is not allowed to read (kernel memory in Meltdown's case; memory of other processes or of the host application, such as a browser, in Spectre's case) by observing cache side effects. Because they are hardware flaws, alarms and red flags are running wild. Here are three things to consider to block malware from exploiting these vulnerabilities.
THREE THINGS TO CONSIDER AS YOU DEFEND AGAINST THIS THREAT
- Access to the machine: An attacker can use the vulnerabilities by delivering malware, but that malware still needs to reach the machine and execute like any other malware. Note the caveat for Spectre: the published proof of concept included a JavaScript variant, so "reaching the machine" can mean nothing more than a visited web page until the browser is updated.
- Multi-Layered Security: To complement pre-infection defenses such as next-generation antivirus (NGAV), we suggest deploying post-infection protection capabilities, like enSilo’s endpoint security agent. enSilo software has full kernel-level visibility on the endpoint and can detect, in real time, malware that uses the Spectre and Meltdown vulnerabilities.
- Patch Systems: Install the operating-system updates on all Windows, Linux, macOS and other systems. Kernel Page-Table Isolation (KPTI) is the Linux kernel's Meltdown mitigation (Windows ships the equivalent as KVA Shadow); it does not address Spectre, which additionally needs CPU microcode updates from the hardware vendor, rebuilt kernels and compilers (retpoline), and browser updates. On Windows, the January 2018 updates were only offered once the installed antivirus product had set a compatibility registry key, so confirm that your endpoint agent is compatible before assuming the patch has landed. Then verify rather than assume: Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings) reports the status on Windows, and on Linux the kernel reports it under /sys/devices/system/cpu/vulnerabilities/.
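A way to verify the Linux side of that patch step, as an added example that is not part of the original post or of enSilo's software: a POSIX shell function that reads the per-vulnerability status files the Linux kernel exposes (4.15 and later, plus distribution kernels that backported them) and flags anything not reported as mitigated. The file names are the real sysfs names; the VULN_DIR override is an assumption of this example so the function can be exercised against a constructed directory, and the status strings in the comments are the ones those kernels actually print.

```shell
#!/bin/sh
# Added example: summarize Spectre/Meltdown mitigation status on Linux from
# /sys/devices/system/cpu/vulnerabilities/ (kernel 4.15+ and backports).
# Each file holds one line, e.g. "Mitigation: PTI", "Vulnerable",
# "Vulnerable: Minimal generic ASM retpoline" or "Not affected".
# VULN_DIR can be overridden to point at a constructed copy for testing.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# check_vuln NAME: print "NAME: <status>".
# Returns 0 if mitigated or not affected, 1 if vulnerable, 2 if unknown
# (file missing: kernel without the interface, or sysfs not mounted).
check_vuln() {
    _name="$1"
    _file="$VULN_DIR/$_name"
    if [ ! -r "$_file" ]; then
        echo "$_name: unknown (cannot read $_file)"
        return 2
    fi
    _status=$(cat "$_file")
    echo "$_name: $_status"
    case "$_status" in
        "Not affected"*|"Mitigation:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_all: run the three entries the January 2018 kernels exposed.
# Returns 0 only if every one is mitigated or not affected; "unknown"
# counts as a failure so an unpatched kernel that predates the interface
# is not silently accepted.
check_all() {
    _rc=0
    for _v in meltdown spectre_v1 spectre_v2; do
        check_vuln "$_v" || _rc=1
    done
    return $_rc
}

# When run as a script, report and warn; the functions above are what a
# configuration-management or inventory check would call.
check_all || echo "WARNING: at least one entry is vulnerable or unknown"
```

Treating a missing file as a failure is deliberate: a host whose kernel has no mitigation and no reporting interface looks identical to one where sysfs is unmounted, and neither should pass a patch audit without a human looking at it.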
“Spectre and Meltdown are Vulnerabilities”
Spectre and Meltdown are vulnerabilities (to understand the difference between an exploit, a vulnerability, malware and evasion, check out our FAQ). They are raising great concern across all industries because they affect servers, workstations and mobile devices alike, under operating systems like Windows and Linux. Malware that attempts to leverage these vulnerabilities will still need to gain access to the machine and execute like any other malware.
Opinion: What did we learn?
- Responsible disclosure and cyber security ethics
Spectre and Meltdown are vulnerabilities that were disclosed before patches were fully prepared. The recent course of events clearly shows how we all became victims of a war between irresponsible giants in an unregulated responsible-disclosure ecosystem, one that ended up jeopardizing billions of devices. It’s time to put an end to the war and regulate. The disclosing party needs to comply and the responding party needs to respond in a timely manner; it’s that simple.
- The attacker goal and the defender means
The reality is that infections are inevitable. Just look at the plagues of the last eight months: WannaCry, NotPetya and now the expected Meltdown- and Spectre-related exploitation. We can’t stop them from coming in; we need to adjust.
An easy analogy is the flu season. The preventive measures we take to reduce the risk of catching the flu are to wash hands frequently, stay hydrated, get plenty of rest and have a flu shot, which tries to predict which viruses will be most prevalent in the upcoming season based on the last one. None of this guarantees that we will not get the flu. Infections occur no matter how prepared we are. The key is post-infection protection. Let’s face it: the flu shot promoted by the CDC is not 100% effective, and immune systems still get compromised. How will we survive the flu?
Be prepared to address the challenges of any potential infection: have preventive security measures in place, keep good cyber hygiene, and reduce the impact of an infection by deploying an effective endpoint security product with post-infection protection. No matter what, infections occur. A real-time methodology is key.
- The flu shot - Pre-infection protection supports good cyber hygiene by installing an NGAV. Vulnerabilities, evasion techniques, business-logic flaws and other plagues will bypass it.
- Preventing the data consequences is the key - Post-infection protection allows a compromised device to continue operating while blocking malware that intends to breach or tamper with data, or malicious activity that is trying to connect to an external command-and-control server. At the end of the day, these consequences are the real issues that keep us all awake at night. Start there to win the game.
Sweet dreams free of spectres.