The headlines are still dominated by talk of Russia purportedly hacking our last presidential election and critical infrastructure and energy networks. Multiple incidents of cyber attacks on electrical grids in international countries have been reported and terrorists and cybercriminals have advanced beyond the basic tools of war.
In our own daily lives, personal computer owners around the world have been victimized by large-scale encryption attacks like the WannaCry ransomware breakout of 2017 and attacks against Yahoo and Target affecting hundreds of millions of users.
If the nightly news wasn’t already scary enough, now PC owners and businesses around the world are at risk of having their most sensitive financial and industry specific trade secrets stolen. Nearly every computer chip manufactured in the past two decades contains a potentially catastrophic vulnerability. In the never-ending pursuit of faster processing speeds, the market has been flooded with fundamentally flawed hardware.
Computers, smartphones, cloud servers and virtually every type of computing system may be affected by the Spectre ransomware. Meltdown is thought to exclusively cause damage to Intel computer chips. Although some patches exist for these problems, many of the available ones have had a negative effect on businesses by hampering system performance.
The vulnerability is exploited via "speculative execution and caching," a technique used to optimize system speed. Industry experts estimate that at least three billion chips in computers, tablets, and smartphones are vulnerable to attacks from Spectre and Meltdown.
There is a clear difference between Spectre and Meltdown, but they both share the ability to infect the chips installed on most devices around the world today. In layman’s terms, Meltdown steals data directly from a machine and its storage while Spectre steals data that is handled by other applications. This data may include passwords, documents, photos, emails, and even password management software. Spectre and Meltdown are a potential gateway to identity theft for individuals or can compromise a business’s intellectual property.
These vulnerabilities have been partially addressed by extensive patching to the kernel software loaded in computer operating systems like Windows and others. The unfortunate side effect of these patches is that they may hamper CPU performance, which affects day-to-day computing.
Considering how far reaching the effects of Spectre and Meltdown may potentially become, the Trump administration should consider possible fixes for military, public services, and emergency services networks.
Earlier this year, White House cybersecurity coordinator Rob Joyce claimed that when he headed the National Security Agency’s hacking division, that the agency didn’t know about the Meltdown or Spectre flaws. "Those would have been put into our Vulnerabilities Equities Process," Joyce stated, referring to a mechanism government agencies employ to share knowledge of existing computer security deficiencies with the American people.
There are some other known patches for what cybersecurity firms have created as proof-of-concept samples based on these vulnerabilities. In addition to Microsoft designing a free Spectre and Meltdown assessment tool for IT professionals, Oracle’s first critical patch update for 2018 included fixes for Meltdown and Spectre. As an open source software, Linux programmers have been doing their work transparently via open exchange, rapid prototyping, meritocracy, and community-oriented development collaborative participation.
In January, Intel confirmed that their firmware patches had been causing a higher number of reboots on Broadwell and Haswell chips. Intel released this information after The Wall Street Journal revealed Intel had quietly told some customers to defer installing its patches due to known bugs.
Navin Shenoy, executive vice president of Intel’s Data Center Group, offered in a recent blog post, "The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues.” He also added, in response to many customer inquiries of the Spectre ransomware, "We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date."
Although many industry leaders are working towards a resolution between operating system designers, chip manufacturers, app creators and hardware original equipment manufacturers (OEMs), to get all available protections, hardware driver and other software updates are regularly required.
Whether or not the attack that many speculate is a foregone eventuality happens in 10 hours, 10 days or 10 months from now the government, private citizens, and businesses both large and small need to stay on top of changes that can prevent infiltration of virtually every computerized device currently in use.
Originally posted on Newsmax.com as Article titled: Everyone Still at Risk Thanks to Ransom and Malware | Newsmax.com
Urgent: Do you approve of Pres. Trump’s job performance? Vote Here!