Cyber Criminals Use Processor Vulnerabilities to Spread Malware
Once security issues go global, cyber criminals tend to exploit them for their own gain. It happened with the global ransomware treats, NotPetya, BadRabbit and WannaCry. Hackers used fraudulent decryption keys to spread malware. Now, they’re using malicious Meltdown/Spectre “patches” to spread malware. According to Tech Republic, the malicious patches have been targeting Germany; however, it won’t be long until they’re spread globally.
The malicious patch is being sent via phishing scams, claiming that the installation of the patch is critical. Within the email, users are asked to go to a certain website to download the patch. Interesting enough, the website they’re asked to go to is an https:// page. Often times users believe clicking on https:// links are safe because the “s” stands for secure. Although, the data transmitting from the computer to the website is secure, it does not mean the content within the page is safe and not malicious.
Avoid scams such as these by keeping two things in mind. First, valid security patches will not be distributed to users individually. Secondly, any email or website that is urging users to implement patches or updates are signs of red flags. Instead patches will be launched within an automatic update. Unless of course the user has opted out of automatic updates, in which case the patch will launch at the time the software update is manually launched, which can be done through the Settings feature within the operating systems.