Security News for Jan 2018

Posted by Orion Network Solutions on February 2nd, 2018

With the level of integration technology has in our daily lives, user vulnerabilities are ever more prevalent, and threats are increasingly sophisticated, preying on the unwitting and the seemingly armed alike. Of the different security issues that have greeted 2018 in headlines, two newly discovered vulnerabilities stand out mainly because of their scale and reach. Meltdown and Spectre are among a cluster of unique but related security issues exploiting features that are shared by most, if not all modern and high-performance computer chips and processors. Technical details of how these vulnerabilities work can be fascinating, especially to those with the background in computer architecture, but the impact they produce is quite simple. They threaten to read from memory they are not supposed to have access to, efficiently allowing attackers unauthorized access to sensitive data—including passwords and authentication cookies and even the entire state of a kernel’s random digit generator—potentially compromising encryption.

Meltdown mostly affects CPUs running Intel chips and is much easier to exploit than the more subtle Spectre. While Meltdown can be mitigated at OS level (in fact all major OS vendors do so), mitigation slows performance down by 20% for common workloads. The other variant is a more subtle but far more sophisticated threat, allowing the malicious actor to step through and read everything they want. Although harder to exploit, Spectre is also much harder to mitigate although security patches for defence are expected to be released soon. In the meantime, keeping systems up-to-date is an excellent first line of defence against either threat.

Other common threats to watch out for in the coming days are in the form of returning vulnerabilities and the growth of more sophisticated attacks from the past. Spam emails, for instance, remain a great nuisance in the daily lives of users. While stopping spam isn’t difficult these days, the ones that get through are more sophisticated than ever, turning unwitting clicks into triggers for ransomware, which can cause great damage and even more significant personal security vulnerabilities.

Socially engineered threats are also ever-growing, in fact, they are the fastest growing types of cyber threats. An increase of 74% in phishing attacks has been recorded between Q2 and Q3 of the previous year. There are projections that BEC (Business Email Compromise) is to hit billion in the coming year, which is why users should beware of attacks that are mostly attributed to social engineering and unpatched software.

About the Author:

Mike Rana is the Chief Technology Advisor of Orion Network Solutions. Orion Network Solutions specializes in providing Computer Installation, Maintenance, and Consulting services along with 24x7 help desk services for small and midsize companies. We provide network solutions that enable small businesses to not only lower their management cost but also increases employee productivity at the same low price. We offer network solution that becomes an integral part of your organization and can provide an increase in productivity of your organization.