The most frequent cause of malicious cyberattacks is computer users clicking on links that result in malware being downloaded onto computer networks.
But an emerging hardware-based cyberthreat is also being studied by Cyber Command and the U.S. intelligence community, according to the nominee to head the command and the National Security Agency.
Army Lt. Gen. Paul Nakasone, Cybercom and NSA director nominee, told the Senate Select Committee on Intelligence in written answers that massive hardware vulnerabilities called Spectre and Meltdown are major worries.
"U.S. Cybercom is engaged with the intelligence community, interagency and industry to better understand Spectre and Meltdown vulnerabilities and employ mitigations," Gen. Nakasone stated.
Spectre and Meltdown are vulnerabilities affecting nearly every computer chip made in the past 20 years. They were discovered by security researchers in late 2017 and can be used by hackers to steal data from computers through flaws contained in microprocessors -- the integrated circuits that contain all the functions of a central processing unit of a computer system.
Malicious programs can exploit the two vulnerabilities to extract secrets stored in the memory of running computers, secrets that until recently were thought to be safe from such theft. Potential lost data could include passwords stored in password managers or browsers, personal information such as photos, emails and instant messages, and documents.
A Meltdown attack uses a malware program to "melt" the information-protecting security features designed into all but two Intel processors released since 1995. Patches are available through operating system updates.
Two variants of Spectre affect all Intel, ARM and AMD processors and require hackers to conduct more complex attacks based on "speculative execution," a process used to speed up computer functions. Spectre allows a hacker to trick programs into revealing their secrets and is more difficult to patch than Meltdown.
Gen. Nakasone said Pentagon directives under what is known as the Information Assurance Vulnerability Management program also have begun to address the two vulnerabilities, with Cyber Command helping identify which systems with flaws should be fixed first with solutions provided by vendors and chipmakers.
The Defense Department "will need to continue to follow these developments closely and adjust its approach as the situation warrants," Gen. Nakasone said.
© 2018 Washington Times under contract with NewsEdge/Acquire Media. All rights reserved.