5 January, 2018
Over the past few days, two vulnerabilities have come to light that stand out for their criticality, the volume of affected devices and their high level of impact. These security bugs affect microprocessors from some of the most important companies in the sector, highlighting the need to protect, at every level, each of the components that make up our equipment. In this sense, Vector ITC Group, a technology group with 100% Spanish capital, warns of the need to have the necessary security tools to deal with such vulnerabilities.
“During 2017 we were able to witness some of the most relevant cyberattacks in recent history, so we are fully aware of the importance for companies to have security systems that protect us from external threats,” indicates Ivan Lastra, head of cybersecurity at Vector ITC. “So 2018 is shaping up to be the key year in which companies have to step up in terms of cybersecurity,” he adds.
Meltdown and Spectre, as these vulnerabilities have been dubbed, have a common denominator: they attack the processor in order to access any other area of the computer’s RAM. This shows the need to protect the processor: once that level of security is breached, it becomes a gateway to all the information in use. Given the relevance of this fact, one may wonder how these vulnerabilities access information and which levels of security they bypass.
First of all, all running programs reside in RAM, along with the data entered into them (passwords, credit card numbers, etc.). These memory zones are isolated by the operating system kernel in order to avoid interference between concurrent processes, whether caused by programming errors or by malicious activity.
On top of this kernel protection there is a further level of hardware protection, carried out by the processor itself, which is responsible for distributing the system kernel across different random areas of RAM. If the kernel were modified, it would become corrupted and fail, and the failure of the operating system's main component would lead to an unrecoverable system crash. A clear example of this is some of Microsoft Windows’ famous blue screens.
Therefore, the danger of these vulnerabilities is that they gain privileged access to RAM, both read and write, bypassing all security systems. In other words, the attacker has free rein to run malicious programs with the privileges of other users or even with operating system kernel privileges (RING0).
This attack affects both individual users and businesses. Individual users are directly affected in their privacy and in the use of their systems, as an attacker could spy on all the data entered (passwords, credit card numbers, emails) and use the attacked machine as part of a botnet operated by third parties for malicious purposes. In corporate environments, it directly targets multi-user systems and virtualization environments, as malicious code running on a virtual machine would put the entire system and its subsystems at risk, since it would have full access to the memory of the host machine.
On the other hand, it is important to note that the vulnerability stems from a hardware design flaw on the manufacturers' part, so it is necessary to wait for security patches to be released in order to solve the problem. At the moment it is not known exactly which microprocessors are affected, although most 64-bit microprocessors would apparently be affected, while older 32-bit ones, still in use in many cases, would not. In this sense, Vector ITC Group offers the cybersecurity platform Vector Deep Surveillance (VDS), a service aimed at enforces and companies having the capacity to protect their infrastructures by collecting all the information from devices, networks and users and analyzing it in real time for attacks, malicious behavior and any other attack vectors that pose a vulnerability to systems.
“Vulnerabilities affecting physical elements of the computer have the particularity that, to fully fix them, external help is needed in the form of security patches,” Vector ITC reports. “For this reason, our service focuses on the prediction and prevention of behaviors that can compromise security in customer infrastructures through all the information of equipment and networks, as it allows us to get ahead and develop security strategies against external attacks,” concludes Ivan Lastra.