Spectre is the name of the fictional criminal organization maliciously carrying out plots in several Ian Fleming novels featuring the character 007 (James Bond). The name is actually an acronym for SPecial Executive for Counterintelligence, Terrorism, Revenge and Extortion. When you think about it, that pretty much sounds like the definition of various forms of 'cyber crime.'
Well now, Spectre is no longer 'fictional', and in fact it is the face and name for a relatively new form of cyber threat that is on the rise. Microsoft recently announced that they had become aware of security flaws that impact the chips of various computer manufacturers.
Spectre and it's brother called Meltdown have broken what was once thought to be the isolation between software based malware impacting operating and other software on your computer and have now reached the computer's hardware. This brand of malware is geared toward the most critical component of your hardware, not your software.
These malware take advantage of computer chip vulnerabilities and impact the way that your computer's microprocessor works. They attack something called 'speculative execution' which is part of your microprocessor's routine that has been implemented over the past 10 or so years to help optimize microprocessor performance.
Spectre and Meltdown impact speculative execution differently, but the fundamental is that they restrict the ability of the processor to work.
I know what you are thinking here, "Did Murph really say that there is some new kind of malware that will hijack my computer hardware, rather than my software or data?" That's exactly what Murph is telling you.
In many cases they can effectively bring your computer's processing ability to a near halt, certainly they can severely impede processing functionality. So, you are probably wondering if the computer companies can just send you a 'patch' to fix the vulnerability the way that Microsoft does with their operating system?
The reality is that in many cases such a patch to affect the 'hardware' is NOT what you would hope for, it maybe that the best patch is to simply 'turn off your computer' (for good), or perhaps replace your motherboard and chip-set after the rest of the computer has been wiped clean.
But don't think that such 'hardware' malware will only target your computer, after all microprocessors control practically everything from your coffeemaker to your car. What are you going to do when your mechanic tells you that your car's computer has been hijacked by malware?
And when this type of malware becomes ransomware, what are you going to do, pay the ransom or junk the car (or computer) and buy a new one? The cyber criminals are counting on you to pay the ransom.
To help avoid this latest threat take these steps:
- Make sure your antivirus software is up to date. Check your software manufacturer's website for their latest info.
- Keep your computer operating system up-to-date by turning on automatic updates.
- Check that you’ve installed the January 2018 Windows operating system security update from Microsoft. If automatic updates are turned on, the updates should be automatically delivered to you, but you should still confirm that they’re all installed.
- Install any firmware (Bios) updates from your computer manufacturer.
And to get (or stay) abreast of the latest cyber threats, be sure to plan on attending my Cyber Security for You and Your Clients course at Scaling New Heights in June, 2018. There is no telling what all new threats the cyber bad guys will have come up with by then.