LW’s NEWS WRAP: Meltdown, Spectre discovered in the wild – live hardware attacks one step closer

By Byron V. Acohido

Last Watchdog’s News Wrap, Vol. 1, No. 5. We’re now one step closer to witnessing cyber criminals exploiting a new class of vulnerability that exists in the hardware level of virtually every computing device in active use.

Nearly 140 samples of malware that exploit the Meltdown and Spectre vulnerabilities have been discovered by AV-TEST. Most of these are on existing proof-of-concept code, which is probably originating with white hat researchers.

Related article: Why ‘Meltdown’ and ‘Spectre’ signal a banner year for hackers

Chip makers, led by Intel, have said they’ve seen no evidence the Meltdown and Spectre vulnerabilities have been exploited to steal customer data. AV-TEST’s latest findings show the number of unique samples has risen sharply in recent weeks.  Andreas Marx, CEO of AV-TEST, told SearchSecurity he believes malware authors are still in the “research phase” of developing attacks based on Meltdown and Spectre.

Let’s not sugar-coat what this means going forward. Malware writers aren’t doing this research for nothing. Chip-based attacks are coming.

Most breaches ever

Hard metrics that 2017 was a very, very bad year, indeed, for cyber attacks came this week from consultancy Risk Based Security, which released its 2017 Data Breach QuickView Report.

The 5,207 breaches recorded last year, surpassed 2015’s previous high mark by nearly 20%. The number of records compromised also surpassed all other years with over 7.8 billion records exposed, a 24.2% increase over 2016’s previous high of 6.3 billion.


“The level of breach activity this year was disheartening”, says Inga Goddijn, Executive Vice President for Risk Based Security. “We knew things were off to a bad start once the phishing season for W-2 data kicked into high gear. But by the time April 18th came and went, breach disclosures leveled off and we went into summer hopeful the worst was behind us. Unfortunately, that wasn’t the case.”

Nasty Chrome extensions

Yet more evidence that cyber criminals are amazing innovators, comes from Computer Weekly columnist Warwick Ashford’s article describing a new botnet delivering cutting-edge malicious payloads via infectious Chrome extensions.

Analysts at Trend Micro discovered this new botnet in the wild, and dubbed it Droidclub. This nasty little fellow is designed to spread malicious Chrome extensions via a mix of malicious advertising and social engineering. Once the evil extension is installed, the infected computing device subsequently reports on a recurring basis with the botnet command and control (C&C) server, awaiting further instructions.

Trend Micro found nearly 90 malicious Google Chrome extensions lurking in the official Chrome store designed to hijack computers to mine cryptocurrency and record victims’ every move. DroidClub has infected some 400,000 computers that we now know about, according to Trend Micro.

Cyber insurance fast track

The implications of a steadily worsening threat landscape has definitely not escaped state and European privacy regulators – nor insurance carriers.

Speciality insurer Beazley makes this point and has been leading discussions about cyber liability policies evolving quickly, with bigger limits, more buyers, and more BI covers being bought

This is all happening in context of data breach disclosure, intelligence sharing about new forms of attacks and new data-handling regulations like the EU’s General Data Protection Regulation (GDPR) and New York’s Department of Financial Services new cyber security certification rules.


“There has been an evolution of coverage,” Lucien Mounier, Paris-based cyber underwriter at Beazley told StrategicRISK. “Regulatory change and events like WannaCry have accelerated things.”

Big companies have been buying up cyber policies like crazy the past few years. But a shift is taking place with SMEs – small- to mid-sized enterprises —   increasingly among the buyers. “They don’t need to be physically targeted to end up victims; the losses of 2017 have helped increase awareness at SMEs and among middle market CEOs,” Mounir says. “In France there are hundreds of thousands of SMEs; you can’t forget about those guys.”

Apple, Cisco insurance-friendly

And finally, speaking of cyber insurance, Apple and Cisco this week announced a partnership with  insurer Allianz that will allow businesses with their technology products to receive better terms on their cyber insurance coverage, including lower deductibles – or even no deductibles, in some cases.

The catch, of course, is that the policy buyer much purchase a certain set of security products and services embedded in products or provided by these two tech giants, such as Cisco’s Ransomware Defense and the security components built into the latest model iPhone, iPad and Mac.

Allianz found Apple and Cisco’s products offered businesses a “superior level of security,” Apple said in its own announcement about the new deal.

(Editor’s note: LW’s NEWS WRAP is an aggregation of published articles, postings and releases supplemented by additional reporting.)



Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone