In today’s corporate landscape, data security flaws affecting everyday devices and software are announced every few months. Recently, the Key Reinstallation Attack (KRACK) caused a severe replay attack on the Wi-Fi Protected Access (WPA2) protocol. This instance, like many others, created widespread corporate vulnerabilities, allowing hackers to steal and exploit sensitive information. While KRACK was discovered in 2016, a more recent breach referred to as Spectre and Meltdown, is currently wreaking havoc on a massive scale. Spectre and Meltdown allows for malicious programs to take advantage of, read, and steal data stored in a processor’s cache.
Not only does this hardware-based attack require corporations to replace their processors, it also reveals a glaring vulnerability in the reliance on Intel and AMD, and the need to rewrite the processors architecture. Currently, there is no permanent fix or workaround for this issue. Although a redesign of the processor architecture is in the works, a finished product has yet to be confirmed. In the meantime, Intel continues to push workaround software patches to help prevent attacks.
To protect their sensitive data, corporation’s must replace their processors once Intel and AMD deliver a permanent solution to address the Spectre and Meltdown bug. Some experts note that the solution could take years or longer, and eventually organizations will have to opt for an entirely new architecture (x86) or transition to open-source. Organizations that do not adapt and upgrade to new hardware put themselves at risk of exploitation, potentially leading to the loss of mission critical data and sensitive information.
Another crippling result of a Spectre and Meltdown attack is the financial loss associated with replacing equipment. When an attack occurs, organizations rely on the manufacturers to create a new socket type (new processors are not built on old architecture), which requires a wide-scale replacement of motherboards. In terms of cost, companies have no choice but to replace all of their computing workstations as a result of replacing processors. In addition, the loss of time needed to repair, recover, and grapple with lost and stolen intellectual data is priceless. With three to four generations of servers in existence (over 40 million in total), experts estimate the scope of financial damage related to servers is approximately $10 billion. [1]
On the bright side, the latest IT update rolled out by Microsoft, Apple, and Linux, have patches to address the Spectre and Meltdown and PC manufacturers have also released BIOS updates. Unfortunately, these patches will only mitigate some of the potential issues. With no permanent fix for Spectre and Meltdown in sight, companies are left with the harsh reality of having to rebuild their IT infrastructure all over again.
It goes without saying that companies must remain vigilant and prepared for potential attacks. Specific to Spectre and Meltdown, recognizing threats and implementing safeguards from vulnerabilities is just a start. Being up-to-date with real-time IT security flaws is vital, as well as staying knowledgeable about current and past organizational IT security exploits. Until a permanent solution is released by Intel and AMD, it is imperative that organizations provide routine IT security awareness trainings and briefings to all employees to proactively prevent exploits and mitigate consequences.
[1] “The Spectre and Meltdown Server Tax Bill,” Jan. 2018; The Next Platform. https://www.nextplatform.com/2018/01/08/cost-spectre-meltdown-server-taxes/
About the Author
Matthew Yu serves as a Service Desk Configurations Tech for MIL’s Library of Congress contract. He has over five years of professional hardware and software experience, proactively testing new patches and hardware to mitigate security breaches. He is CompTIA A+ certified, and in his spare time he likes to build systems, follow technology trends, and keep up-to-date with IT news.