Firmware Attacks Are Up According to a New Security Signals Report (What You Need to Know)

By Nathan Drager | May 20, 2021 | Comments Off on Firmware Attacks Are Up According to a New Security Signals Report (What You Need to Know)

Firmware Attacks Are Up According to a New Security Signals Report (What You Need to Know)

The next urgent area of concern when it comes to cybersecurity is firmware. A recent Security Signals report from Microsoft found that hackers have been exploiting the fact that companies tend to make firmware a lower priority and have ramped up attacks significantly.

Firmware is the type of software that gives hardware its operating instructions. It will do things like telling a computer how to boot and how to interact with the operating system. If it’s not protected properly, it can lead to major cybersecurity problems.

Some of the troubling statistics that the study found included:

  • Firmware attacks have increased by 5x over the last 4 years.
  • 83% of businesses have experienced a firmware attack in the last 2 years.
  • Just 29% of the average security budget is allocated to preventing firmware attacks.

Why Firmware Attacks Are So Dangerous

Because firmware sits outside the operating system, it lives on a level that can’t typically be seen by the operating system or programs running within it. This lack of transparency makes it particularly difficult to know if the firmware has been attacked and infected with malware.

The firmware also gives hackers the “keys to the kingdom” when it comes to your device. If compromised, attackers can rewrite the operating instructions for your computer, server, router, or other hardware.

What Makes Firmware an Attractive Target?

Several factors make firmware attractive as a target for hackers. And as is usually the case with attacks, once one hacker identifies new fertile ground, others hop on board and join the party.

The attention to firmware largely gained steam when a rootkit for cyberespionage was identified back in 2018. Rather than attacking OS or software, it was designed to exploit the Unified Extensible Firmware Interface (UEFI) of a device. 

This rootkit was dubbed “Lojax” and was packaged with other tools that infected a system’s firmware with malware. Some of the things it was designed to do include:

  • Gathering and dumping system settings into a text file
  • Reading the contents of a PC’s Serial Peripheral Interface (SPI) memory
  • Installing the rootkit and writing the modified firmware to the system memory

Here are some of the things that make firmware so attractive to hackers.

Hackers Can Attack Systems Unseen

Firmware has a visibility problem. This is largely due to computer and device manufacturers not building user visibility into the firmware layer. Because firmware provides such vital information to a computer, it’s not something most manufacturers want users messing with, however, having no visibility allows hackers to roam free in that layer.

Things like antivirus/anti-malware that sit inside the operating system, typically can’t see out into the firmware layer. Thus, they can’t detect firmware attacks. So, hackers can often pull off persistent attacks that go on for months or even years.

Firmware Often Isn’t Updated

Firmware updates for things like computers, servers, routers, and other IoT devices are often overlooked. Firmware updates don’t happen as often and don’t usually give you a big popup alert as you get with operating system updates.

Without having vital security patches applied, firmware is often a sitting duck, with hackers able to exploit vulnerabilities that have been known for a while.

In a study of firmware security, it was found that 73% of organizations that didn’t prioritize protective measures for firmware had a high rate of unknown malware breaches that they couldn’t track down or stop. 

Breaching Firmware Gives Attackers a Lot of Control

When a specific software is breached, hackers are limited by what that software can do and how it can interact with other information on a device. But when the firmware is breached, it’s like going in at the top level. Hackers can control how a device functions and from that layer, can control how an operating system functions.

For example, an attacker planting malicious code in the firmware layer can:

  • Create user credentials and change user privileges
  • Change how the operating system boots
  • Change how the operating system applies security patches
  • Keep certain programs from starting at boot (backups, antivirus, etc.)

Tips for Firmware Security

It’s important to put firmware at a high priority level when reviewing and updating your IT security protections. Here are some of the things you can do to help prevent a firmware attack at your business:

  • Keep your firmware on all devices updated promptly.
  • Have a plan when it comes to malware/breach incident response.
  • Do a threat assessment, focusing on firmware vulnerability.
  • When purchasing hardware, look for PCs & servers with firmware security (Microsoft & HP offer these)
  • Make firmware security a priority and keep it regularly monitored, like other systems.

Get a Firmware Security Assessment Today & Stay Protected!

Quantum PC Services can help your Sturgeon Bay area business with a full security assessment, including firmware protection. We’ll identify any areas of vulnerability and recommend safeguards to keep your business secure.  

Contact us today to learn more! Call 920-256-1214 or reach us online.

 

Posted in Blog, Security

About Nathan Drager