One of the biggest security takeaways from the first half of 2018 is that we can never make our computer systems perfectly secure, and the underlying hardware can be just as susceptible to exploitable flaws as the software that runs on it. Two new vulnerabilities—Meltdown and Spectre—affected nearly every device with a CPU, making this perhaps the worst first half ever in terms of computer security. While not the most severe we’ve ever seen, these vulnerabilities hit the entire ecosystem of computers due to flaws in how modern processors isolate private memory. Until they were fixed, they gave bad actors a way to access private data, such as login credentials. What’s more, Meltdown and Spectre existed for two decades before being discovered, and there are certainly many other bugs lurking.
Here’s the good news: our collective approach to Meltdown and Spectre revealed some positive trends in cooperation and communication. First, the vulnerabilities were discovered by white hat hackers. Google’s Project Zero, as well as bug bounty programs from Microsoft and Apple, have been working. They incent people who discover vulnerabilities to communicate directly with the parties who can fix them, before going public with the information. Second, their existence was closely guarded, to allow time for OS manufacturers to develop fixes. Competing companies shared information and worked in tandem to find a software solution to a hardware problem, and that’s a noteworthy trend.
The bad news: threat actors aren’t standing still. They constantly evolve methods, techniques and evasion approaches, making other malware campaigns such as Emotet, TrickBot and Zeus Panda more persistent and harder to detect. They are pivoting from ransomware to cryptojacking. Increasingly sophisticated phishing attacks are stealing credentials, introducing malware, and doing reconnaissance. Phishing attacks are also becoming more targeted, as criminals find ever-more-valuable information stores.
The Webroot Threat Research Team has analyzed the data from our customer base during the first half of 2018. This mid-year threat report not only shows the stats, but also tells the story behind the headlines. The bottom line from our observations: it has never been more important to implement a robust, effective, multi-layered and continuously evolving security approach to keep valuable data and systems secure.