Meltdown & Spectre: from PoC to the First Malware Samples

Delaware, USA – February 1, 2018 – Less than a month after the first publications about the vulnerabilities Meltdown & Spectre, AV-Test team discovered about 140 attempts to create full-fledged malware that exploits Meltdown and Spectre vulnerabilities. Researchers at Fortinet claim that the detected samples contain PoC code published in early January and are not yet a serious threat. The number of such malware is constantly increasing, and researchers predict that soon threat actors will create functioning samples that will use JavaScript on web pages to steal sensitive information.

Let us recall that many software vendors (including Microsoft) disable updates, which were supposed to protect users from the Spectre variant 2 attack. Intel confirmed that microcode update they released leads to frequent system reboots and needs further development.

In spite of this, it is necessary to monitor the release of security updates that mitigate these attacks, and as they released, install on the systems in your organization. If you have a Qualys subscription, you can use Spectre / Meltdown Dashboard to monitor this process. This use case is developed by Qualys; it uses Qualys AssetView to visualize vulnerability detections in a dynamic dashboard. Also, you can use SOC Prime Spectre & Meltdown Tracker use case for determining the impact of such attacks and detection of vulnerable assets in the organization.