Microsoft released Security Advisory 18002 on Wednesday, January 3, 2018 to mitigate a major vulnerability to Windows in modern CPU architectures. ESET released Antivirus and Antispyware module 1533.3 the same day to all customers to ensure that use of our products would not affect compatibility with Microsoft’s patch.
The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD, and even affecting ARM processors commonly used in tablets and smartphones.
The good news is that ESET can help protect against the types of malware that could take advantage of these vulnerabilities.
And, ESET was one of the very first security vendors to allow the Microsoft patch against the flaw to be enabled.
While ESET protects against potential malware infection, you should also take these steps to secure your computers and data:
- Make sure your browser is up to date. For Chrome or Firefox users:
- Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
- Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.
- Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
- Customers should review ESET’s Knowledgebase article for important updates.
- See this great collection of tips, articles and recommendations from the Google Project Zero team.
- If you have a cloud-based server or have a website hosted by hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.
After a turbulent 2017 with Cyber Security making regular headlines, looking ahead to the coming year, there will no doubt be further discussions about the threat landscape.
Ransomware Revolution – Ransomware of Things
Technological advances and their accelerated use have led to a number of scenarios considered unlikely just few years prior, are now within the realm of possibility. The advice going into 2018 from ESET researchers is to back up everything that matters to you, often, by keeping at least some backups offline – to media that aren’t routinely exposed to corruption by ransomware and other malware – in a physically secure location. As the Internet of Unnecessarily Networked Things becomes less avoidable, the attack surface increases, with networked devices and sensors embedded into unexpected items and contexts: from routers to fridges to smart meters, from TVs to toys, from power stations to petrol stations and pacemakers. As everything gets ‘smarter’, the number of services that might be disrupted by malware becomes greater.
Criminals following the money
With data being the most valuable asset, ransomware is set to remain in great demand among cybercriminals. It is important to note that many ransomware attacks are not sophisticated enough or never intended to recover the victim’s data once the ransom has been paid. For these reasons we suggest not only backing up of data online and offline but also implementing proper security measures such as proactively training staff on what phishing emails entail and how to avoid clicking on them and entering any credentials.
Critical infrastructure attacks on the rise
Cyber attacks on the Ukrainian power companies resulted in electricity service being turned off in hundreds of thousands of homes. The implications of this for future attacks of this kind include more than just the power grid but also includes critical manufacturing and food production, water and transport and the defence and healthcare sectors.
Safer for all
This year has seen ESET’s malware analysts continue to help law enforcement crack down on malicious campaigns and, by extension, the criminals spewing them. We are confident that 2018 will bring further successful investigations as we will continue to lend a hand to authorities so that, ultimately, the internet can become a safer place for everyone – except cybercriminals.
Download the full Security Trends 2018 report here