CompuClever Blog

Spectre and Meltdown: Massive Security Holes Impacting All Mac and PC devices

by

Just as we start a new year, there are new computer vulnerabilities identified by researchers. The impact of these defects could be experienced by almost any computer worldwide! The implication – millions of devices could be vulnerable to hacking or, if patched, suffer some degradation in speed.

The identified flaws are in the very core of the computer hardware – the CPUs or also known as the processors.

About The Defect

The two newly identified defects have wide ranging impacts on devices from the phone you are carrying to the servers that send data to it as well as other mobile devices, laptops and desktops whether PC or Mac. The vulnerabilities enables hackers to access people’s personal information.

Google’s Project Zero team states that these flaws can enable hackers to gain passwords and other sensitive data from system memory.
The two flaws are known as Spectre and Meltdown.

Meltdown: Named this way because it melts security boundaries which are normally enforced by the hardware. This was found mostly in Intel processors (as far back as 1995). Also ARM has reported their processors are affected, but it is unclear at this time if AMD processors are affected. This vulnerability can be patched through an update. However, this fix could slow down computers as much as 30%.

Spectre: The name is derived from the root cause: speculative execution. It is not easy to fix – it requires a re-design of computer chips – so it is likely to haunt us for some time to come. This defect was found in Intel processors as well as AMD and ARM chips. While this flaw is harder to exploit for hackers, it is also more difficult to mitigate for users.

For more information on these we highly recommend going to: https://meltdownattack.com/

The Impact

Google engineers discovered these flaws and had kept the news a secret to enable time for fixes to be created and issued before other computer hackers could take advantage. However, Intel was forced to disclose as the story received coverage when a British tech website, The Register, uncovered it. This led to a drop in Intel’s stock.

These flaws have wide ranging impacts on all types of chip-based devices including cell phones, laptops and desktops – whether PC or Mac.

According to researchers:

“While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs,”[1]

News reports are emerging that any computer made over the last 20 years could be impacted and that fixing the issue could cause significant disruption around the world. So in a nutshell, it is almost certain that your PC is affected, especially if it uses an Intel based chip.

Companies such as Amazon state they are in the process of creating and distributing a fix for their services and devices. They made a statement: “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.”[2] They further stated that most of its infrastructure had now been made safe.

However, for older computers the update could be more difficult. Many devices have few updates as phone makers are slow to provide updates.

Risk Mitigation

It is not safe to work with sensitive information given there is a chance of leaking information if your device has a vulnerable processor and runs an unpatched operating system. This is applicable to personal computers and anyone using cloud infrastructure.

To deal with these defects you will need to update your software as patches become available.

Unfortunately, with older computers it may be harder to update. For many devices – especially those running Android – updates are few and far between since phone makers are often slow to provide their customers with new updates.

According to the Meltdown site:

There are patches against Meltdown for Linux , Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

The site goes on to explain that unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your Antivirus program may detect malware whichuses the attacks by comparing binaries after they become known.

We highly recommend that you ensure using a legitimate and effective Antivirus program such as: CompuClever Antivirus PLUS.

Brace for a Slowdown

To add salt to the wound, your device could be slower after you have made it safer from hacks. Hard to imagine – you fix your device and it actually results in a slowdown!

Intel says the average computer user won’t experience significant slowdowns after receiving the fix.

However, there are news reports[3] that state fixing these defects will slow performance – especially for devices more than five years old. And for companies that deal with considerable network traffic and processing power the slowdown could be even more severe. This includes cloud computing providers, systems that crunch data, and retailers that process consumer transactions.

Was there ever a time that having your PC running at peak performance was more critical?

Which brings us to our second recommendation: CompuClever PC TuneUp Pro – not only will you find areas of improved system performance you can also better manage security of sensitive data.

Moving Forward: There are reports[4] that point out that some experts are saying the affected processors will need to be replaced entirely in order to completely get rid of the risks created by these flaws. We can’t foresee newly designed chips replacing flawed ones in existing devices in the near future.

At present, there are no available processors that can replace the vulnerable ones and still provide the same kind of functionality. It will be years before new chips that can perform the same tasks safely and effectively, will be made available.

During the wait we need to take whatever measures we have that are at our disposal, to remain safe and to ensure the best performance we can manifest.

[1] https://meltdownattack.com/

[2] https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v1/

[3 & 4] http://money.cnn.com/2018/01/04/technology/business/apple-macs-ios-spectre-meltdown/index.html

Don’t be Held at Ransomeware

by

 

With two prominent malware attacks occurring back-to-back during the past two months, you’re likely familiar with the term  – “Ransomware” – a cyber-crime gaining worldwide attention. In this article we explore ransomware in depth and offer recommendations and instructions to prevent it from happening and to protect your PC.

Ransomware defined:

You can think of ransomware as “data kidnapping”. It is the result of a malware attack that blocks access to a user’s PC data. Once infected, the attackers try to force you into paying money so you can regain access. In some cases there is a threat to publish or delete the data unless the ransom is paid. Data and access is blocked by using strong file encryption.

Computers can be infected whether at home or in the work environment. This includes PCs on an enterprise network or government agency servers.

Some ways of infecting your PC include:

  • Surfing to unsafe or fake websites.
  • Opening emails and email attachments from unknown sources.
  • Opening malicious links in emails, Facebook, Twitter, and from online chat apps such as Skype.

The two main types of ransomware are: Lockscreen and Encryption.

  1. Lockscreen ransomware prevents you from accessing your PC or files and instead displays a full-screen message saying you have to pay a ransom to regain access.
  2. Encryption ransomware prevents you from opening your files by encrypting them. The encryption is very strong (uses an AES-256 “military grade” cipher algorithm), and would take an estimated 3×1051 years to crack. Also, a unique encryption key is generated for each infected computer so you can’t just get someone else’s key.

Note: There are older versions of ransomware that display false messages such as claiming you have performed an illegal activity with your PC. They then state you are being fined by a police force or government agency. We want to stress that these claims are false and can be considered a scare tactic designed to extort money from you.

What is the result of the attack?

While there are various forms of ransomware, all of them prevent you from performing normal PC functions. This includes:

  • Getting locked out! Preventing you from accessing your operating system.
  • Blocked access to files! Files are now encrypted and you can’t access them.
  • Disabled apps! Certain programs (like your web browser), are no longer able to run.

What about the ransom?

Some ransomware attacks involve the victim having to pay money while some make you complete a survey. Payment of money is performed online and sometimes involves the victim having to pay in Internet currency Bitcoins. Due to the nature of those that commit these cybercrimes – there is no guarantee that your data or PC will return to the pre-attack state.

How much do they extort?

Symantec gained access to a malware server in 2012. This provided them first hand insight of the ransoms that were paid out. In a single day 5,700 computers were infected and 2.9% paid the ransom. This comes out to approximately $33,600 for one day.

“Given the number of different gangs operating ransomware scams, a conservative estimate is that over $5 million dollars a year is being extorted from victims. The real number is, however, likely much higher.”[1]

Recent Ransomware attacks…

WannaCrypt; May 12, 2017:

Many users around the world were victims of the malicious “WannaCrypt” software attack which has been considered one of the worst and most widespread cyber-attacks. More than 230,000 computers in over 150 countries were affected. All files on infected PCs were locked and the demanded ransom was 300 dollars in bitcoins.

Interestingly, people running Windows 10 were not targeted by the attack. Despite this, this attack was serious as evidenced in the steps Microsoft took. They took a highly unusual step in providing a security update for all customers to protect even the Windows platforms that are in custom support only. This includes Windows XP, Windows 8, and Windows Server 2003.

Supported versions of the operating system (Vista, Windows 7, 8.1, 10, etc.), have access to the security update MS17-010. If users have automatic updates enabled or have installed the update, they are protected. Microsoft states[2]: “For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010“. They go on to state that this attack may evolve over time and additional defense strategies are warranted.

Petya; June 27, 2017:

Companies across Europe and the US were affected by the ‘Petya’ ransomware attacks. Infected computers displayed a message demanding a Bitcoin ransom of $300. Victims were unable to unlock their computers even if they paid the ransom.[3] The instructions included sending confirmation of payment to an email address. However, that email address was shut down by the email provider and there was no way to contact the attacker for a decryption key to unlock their computer.

This ransomware attack exploited the same Microsoft exploit as WannaCry – the vulnerability known as EternalBlue. Even with the patch, this cyber-attack has two other ways to spread within an organization focusing on the network administrator’s tools. Experts believe the initial infection is suspected to have been delivered through email (as with WannaCry).

If Infected With Ransomware:

You are a victim of a ransomware infection once you see some form of ransom demand appearing in a dialog window, an app, or a full-screen message. Unfortunately, this demand is displayed after encrypting your files or disabling some part of your PC.

Before you try to recover your files, Microsoft suggests trying to fully clean your PC with Windows Defender Offline. After this you can try to Backup and Restore in Windows.

We fully agree with Microsoft: “Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your PC or files.”

If You Already Paid:

If you paid the ransom, contact your bank and local authorities immediately. Your bank may be able to block the transaction and return your funds if you paid with a credit card. Inform your bank if you did submit credit card details to the cyber thieves.

We suggest you also contact the following government agencies that deal with fraud and scam reporting:

Prevention:

There are safe measures you can take to lessen the impact of attacks and failures and there are ways to prevent malicious attacks from crippling your PC and network.

  1. Keep a current back up of your data files (images, video, documents and music).
  2. Keep your Windows install up-to-date with the latest Windows security updates.
  3. Keep your antivirus program up-to-date. We highly recommend a reputable AV program with active subscription (one that keeps up to recent malicious attacks). We invite you to check out the performance and protection offered by CompuClever Antivirus PLUS.
  4. Do not open email links or files from a sender you do not recognize. In many cases you can recognize a fake email and webpage because they have bad spelling or look unusual.
  5. Be careful where you surf on the internet especially with less reputable sites. There is a greater chance of contracting a malware virus. Quite often unsafe sites can look convincing and have only subtle differences.

Microsoft states[4]: “Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).”

Stay Safe:

Hundreds of millions of emails that include a ransomware attachment are being sent out every month. Many of these are being blocked and software vendors are working hard to shrink security holes and fix this ongoing cyber-crime.

As can be seen with the information provided here, staying informed, taking precautions, and using safe practices can help prevent you from getting an infection that could save you time and your data. If you require further information on this subject we recommend Microsoft’s Ransomware FAQ page.

[1] http://www.symantec.com
[2] https://blogs.technet.microsoft.com
[3] https://www.theguardian.com
[4] General information on ransomware