Two new security issues are on the radar: Meltdown and Spectre. We mentioned in a previous post how Apple, Google, Microsoft, and others have released software updates to help prevent attacks, but if you think that means you now have nothing to worry about, think again.
If you have a computer, you are almost certainly affected—and hackers are coming.
The threats on the horizon
Meltdown and Spectre are bugs in a computer’s processor that experts have now identified as areas with the potential to exploit. However, these have been present in our processors for almost 20 years. There is currently no evidence that hackers have been exploiting the flaws, but now that we know about them, they can and will.
The good news is that, with this knowledge, we can better protect ourselves. First things first: Keep all of your operating systems, browsers, and apps updated with the latest software. These patches will help prevent hackers from trying to steal your passwords and other sensitive information.
However, merely doing this doesn’t mean that you’re now immune from attacks. As a reminder, these flaws are hardware based, not software, so the security updates don’t eliminate the issue, rather they help combat any attacks that may derive from them.
What can we expect from hackers?
For the people who haven’t yet updated the software on their computers, browsers, and mobile devices (and there will be many), hackers will exploit these holes to steal things like your passwords and personal information. Even with those holes plugged thanks to recent updates, they will still try to capitalize on the Meltdown/Spectre buzz by utilizing various phishing attacks.
Scammers will pose as companies like Microsoft, for example, and use scare tactics to offer fake patches for Spectre/Meltdown vulnerabilities. This might come in the form of an email or message that looks legitimate. In it, you’ll find a link where you could unknowingly give personal information to a hacker.
Here are some basic tips to think about:
- Use caution with links – Don’t click on any link from an email, even if it looks legitimate, without doing a full investigation as to whether it is indeed real—and remember, cybercriminals have gotten really good at faking this kind of stuff. Pay attention to the email sender and see if there’s any variation from the actual company’s email address, and be on the lookout for spelling and grammar mistakes.
- Have good security software – Make sure that you have good antivirus software on all of your devices, and always keep them up to date.
- Use two-factor authentication – This means that when you log into an account, you have two ways to prove that you are who you say you are. This might be a code that is sent to your mobile device as well as a password.
- Create unique passwords – Speaking of passwords, make sure all of yours are unique. In other words, don’t use the same password for all of your accounts. It may be convenient, but it’s also convenient for the person trying to hack you.
- Backup everything in the cloud – Always backup your devices. If the worst ever occurs, you don’t want to lose any of the information held on your tablet, phone, or computer.
- Use a VPN – A virtual private network software like Hotspot Shield keeps your online activities secure and private from prying eyes. Unprotected WiFi networks like you might find in cafes or airports, for example, are notoriously unsafe. A VPN will ensure your data is encrypted and secure from hackers.
As for your devices, there are reports that the recent software updates have adversely affected CPU performance, especially among older Intel chips. In most cases, you won’t notice any significant difference, but with a reported degradation of anywhere between one and 20%, it’s something to be aware of.
Regardless of whether you’ve updated your devices, the Meltdown and Spectre flaws are still present. All you can do is use these tips to better protect yourself. Just because the news surrounding Meltdown and Spectre has now subsided, this is not the time to let your guard down.