AV-Test discovered 119 malware samples last month that can be associated with the Spectre and Meltdown attacks. Since the vulnerabilities were revealed last month, no attacks ‘in the wild’ have been discovered yet by the German test lab.
Fortinet’s researchers analyzed 83% of all samples. Which means there are some samples untested. Fortinet explains how that’s possible, “the other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us”.
The Dutch website security.nl asked AV-Test for more details on the discovered 119 samples. They received a reply from Andreas Marx from AV-Test who reports that meanwhile 139 samples have been found. The majority of them are re-compiled or extended versions of the proof-of-concept code.
The malware comes from several sources like other researchers and testers but also from other antivirus vendors.
“I think different groups work on proof-of-concepts to determine whether they can use them somehow”, Marx continues. Given the large amount of vulnerable systems, Spectre and Meltdown are interesting for cybercriminals to steal data from browsers.
“I’m confident that we’re still in the research stage of the attacks, but I wouldn’t be surprised if we see the first targeted attacks in the future”, according to Marx.
Large attacks depend on how easy it is to perform the attacks. Marx advices users to update their BIOS and OS and to turn off their computer if it’s not used for a while. Not only does it reduce the attack surface but it also saves energy.