Consider yourself warned: There is a new threat blowing up in the news, and it’s capable of exploiting most computing devices in operation today.
The threat is named NetSpectre, and it’s critical that you take a few minutes to learn a little more about it—and how you can prevent it from infiltrating your organization.
What is NetSpectre?
Recently discovered by a team of security researchers, NetSpectre is a variant on the new Spectre family of attacks.
Spectre attacks take advantage of a chip feature called “speculative execution”. Speculative execution was originally designed to improve CPU performance. But cyber criminals have found a way to exploit this feature: they can develop Spectre attacks that trick computers into leaking sensitive information.
Spectre attacks are dangerous for two reasons. First, nearly every modern computing device is vulnerable to them. The speculative execution feature that they exploit is found in Intel, AMD, and ARM chips. These chips are present in computers, mobile devices, cloud servers, and almost any other device you can think of that has been produced since 1995.
Second, while Spectre attacks can potentially be patched, software improvements alone may not be enough to solve them. Fully mitigating this exploit will likely require changing a device’s processor architecture at the hardware level.
Earlier versions of Spectre attacks were dangerous enough. But now NetSpectre has emerged, and it carries with it a new feature that suggests Spectre attacks are about to become even more dangerous than they originally appeared.
What Makes NetSpectre So Dangerous?
On the surface, NetSpectre operates like many other Spectre attacks. As The Hacker News explains, with NetSpectre, a cyber criminal can “write and execute malicious code… to extract data from a previously-secured CPU memory,” giving that attacker access to “passwords, cryptographic keys, and other sensitive information”.
NetSpectre can be launched over a network, including over LANs and between virtual machines in Google’s Cloud. As Bleeping Computer explains, NetSpectre “can simply bombard a computer’s network ports and achieve the same results” as previous, more involved Spectre attacks.
NetSpectre itself can only exfiltrate data at relatively low speeds, and thus requires a substantial amount of time to achieve its objectives. But it carries a frightening promise: this new threat demonstrates a potentially devastating, previously unknown exploit in the majority of the world’s computing devices. And you can bet that cyber criminals are hard at work developing new, faster, and even more dangerous threats to exploit this same vulnerability.
How to Beat Back NetSpectre, and Its Next Evolution
The good news is: You’re not alone in your fight against NetSpectre and its variants.
Google remains hard at work, funding research to discover new Spectre exploits before they appear in the wild. And earlier this year, Intel released a series of patches that began to mitigate their speculative execution vulnerabilities. These patches appear to close the NetSpectre vulnerability. So if you have been aware of these emerging Spectre attacks, and updated your systems accordingly, then you should be protected against NetSpectre.
But if you have not updated your systems accordingly, or if you are unsure if you have patched this vulnerability, then please take some time today to do so. While it is heartening to hear that the OEMs behind these vulnerabilities are attempting to correct them, cyber security is an “all hands on deck” activity. Whether you are a business owner, a security professional, or simply an individual user, you share some responsibility for ensuring your network’s safety. And that begins with continued awareness of what threats are emerging, and how to protect yourself against them.
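One way to check whether a Linux host reports its Spectre mitigations as applied, as an added example that is not part of the original article: it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, and the `SAMPLE` values are constructed so the script also runs where that directory is absent.

```python
from pathlib import Path

# Linux kernel status files (kernel 4.15+ and distro backports).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
SPECTRE_FILES = ("spectre_v1", "spectre_v2", "spec_store_bypass")

# Constructed sample values in the kernel's reporting format, for offline runs.
SAMPLE = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "spec_store_bypass": "Not affected",
}


def classify(status):
    """Map one status line to 'ok', 'review', 'vulnerable' or 'unknown'."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s.startswith("Mitigation:"):
        # A mitigated entry can still report a sub-feature as vulnerable.
        return "review" if "vulnerable" in s.lower() else "ok"
    return "unknown"


def read_status(root=SYSFS_DIR):
    """Return {name: text} for the Spectre entries; missing files map to ''."""
    files = {name: Path(root) / name for name in SPECTRE_FILES}
    return {n: p.read_text().strip() if p.is_file() else "" for n, p in files.items()}


def audit(statuses):
    """Return (per-entry states, True only if every entry is 'ok')."""
    states = {name: classify(text) for name, text in statuses.items()}
    return states, all(v == "ok" for v in states.values())


if __name__ == "__main__":
    live = SYSFS_DIR.is_dir()
    statuses = read_status() if live else SAMPLE
    print("source:", SYSFS_DIR if live else "constructed sample")
    states, patched = audit(statuses)
    for name, state in states.items():
        print(f"{name:18} {state:10} {statuses[name]}")
    print("all Spectre entries mitigated:", patched)
```

An entry reported as `unknown` means the kernel did not provide that status file, which usually indicates a kernel older than the reporting interface and is itself a reason to update.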
For further information on how to protect yourself from NetSpectre, and other emerging attacks, contact Paladion today for a free security review of your network.
Sreeraj Gopinathan heads a team of cyber security researchers for Paladion's AI-Driven MDR services. His team finds the latest cyber threats and exploits, so we can evolve our customers’ defenses against emerging threats. The team patrols every corner of the web, deep web, and dark web to discover the latest attacker TTPs, malware, and more. Our MDR Analysts receive the latest threat intelligence derived from this research, which helps them better respond to security events and alerts. Sreeraj has been a cyber security leader for over 15 years now.