Fake Meltdown and Spectre Patch Phishing Emails
Date: Jan 10, 2018
Take note – cyber criminals have already jumped on the ‘Meltdown and Spectre’ bandwagon with patch phishing attacks. You need to take action now.
* Vendors are quickly rolling out patches. Microsoft and Google did so last Thursday. Patch quickly but with discretion: not all anti-virus programs are compatible with the updates.
* Be alert for social engineering scams related to the bug announcements. These follow most major cyber incidents, and Meltdown and Spectre are no different. Remind your employees of your patching policies and notification practices (a ready-to-send email to your users is below). Remind your end users that they’re the last line of defence.
* Your IT end users may notice that some of the services they use seem to be moving more slowly. This may not be evidence of a problem, but rather a sign that those services, cloud providers in particular, are taking steps to mitigate the risk.
* ARM, Apple and AMD processors are known to be afflicted with Spectre – these chips are widely used in distributed, set-it-and-forget-it, Internet-of-things devices. This means the risk is likely to linger there the longest.
* The disclosure suggests a human problem. Google found the flaws last summer and vendors have been quietly working to prepare fixes since then. The news broke suddenly, and before fixes were entirely ready, because Google determined that someone, somewhere, had begun to leak the news.
Text you can copy / paste and send to your IT end users:
Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.
This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.
So, if cyber criminals are able to get malicious software running on your computer, they can access your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.
What Are We Doing About This?
We need to update and patch all machines on the network. This is going to take some time, because some of the patches are not even available yet. We also may have to replace some mission-critical computers to fix this.
In the meantime, you need to be extra vigilant, keep security top of mind, and Think Before You Click.