While companies have been focused on securing other areas of their infrastructure, attackers have been going after something that often gets forgotten when it’s time to install patches and updates.
Firmware is the software that provides the instructions for the hardware to operate, and it’s become a major target of hackers over the last few years. According to the Microsoft March 2021 Security Signals report, 83% of all businesses have been victims of a firmware attack in the past two years.
Why so many? There are two main reasons:
- Firmware attack volume has risen dramatically, increasing five-fold over the last four years; and
- Companies haven’t had firmware security on their radar. Only 29% of most enterprise budgets are allocated for firmware protection.
Why Firmware Is an Attractive Target
Firmware sits outside a device’s operating system (OS). So, when it’s attacked with malware, the breach often can’t be detected because many anti-malware programs are operating at the OS level.
Because it’s the code that tells hardware how to operate, it also has a lot of high-level privileges and often things like user credentials are stored in the firmware layer.
Another reason that hackers have been going after device firmware is that manufacturers don’t always build visibility into devices, thus attacks fly under the radar and are difficult to track.
Firmware updates also happen less often than OS and software updates, so it’s not unusual for users to overlook them, leaving unpatched code vulnerabilities that hackers take advantage of.
What Are Some of the Dangers If You Experience a Firmware Attack?
Hackers can get the “keys to the kingdom” when they hack into a device’s firmware because it has so much control over the hardware and other layers, such as the operating system, how the device boots, etc.
Here are some of the attack types that can be done through firmware:
- Changing the Boot Code: System firmware can be breached in a way to run a malicious code on startup and completely subvert the operating system.
- Delivering Malware: A firmware breach can be done to infected other components of a system with malware.
- Complete Access: The System Management Mode firmware is focused on runtime and is completely outside the operating system. Hacking this firmware allows the attacker complete access to a system while being invisible to the OS.
- Server Control: If a firmware for Baseboard Management Controllers on a server is breached, it can give the attacker total control over the server and its data.
- Write to System Memory: A breach of firmware for Network Cards and PCIe Devices facilitates complete damage of the system and the ability to execute malicious code.
Ways to Protect Your Business from a Firmware Attack
Look for Hardware With Firmware Protection
It’s important to keep firmware protection in mind as part of your cybersecurity planning and when you purchase new PCs, servers, and other hardware.
Manufacturers are taking notice of firmware vulnerability and beginning to add protections to devices to make it harder to hack. This includes things like a zero-trust architecture and more visibility for the detection of malware or suspicious system behavior.
Microsoft released a new range of PCs called Secured-core that are designed with firmware protection in mind.
Put Firmware On a Regular Update Schedule
It’s estimated that 70% of organisations that have no firmware upgrade plan will be breached by 2022. Firmware updates are not typically as visible as those for software and operating systems, so they often go without having critical updates and patches applied.
You must include firmware on a regular update schedule. The easiest way to do this is through a managed IT services plan that includes all updates and monitoring for your devices, including firmware.
Know Which Devices Use Firmware
Firmware is present in just about any electronic device. It acts as the device’s “operating manual,” and there will often be many different types of firmware present. One might control a graphics card, while another handles the boot process.
To keep your firmware properly updated, you need to have a full list of those devices needing to be checked regularly for firmware updates.
Some of the typical types of devices in an office that need firmware updates include:
- Servers
- Computers
- Routers
- Printers
- Security Cameras
- Voice Speakers
- Mobile Devices
- Smart Devices (locks, lighting, sensors, etc.)
Keep Users Trained on IT Security
Firmware attacks often originate in the same way as other types of attacks. This would be through a phishing email that either sends a user to a malicious site or contains a malware-laden attachment.
It’s important for your overall cybersecurity hygiene to train users regularly on how to spot phishing, what types of websites and links to avoid, social phishing, and other IT security best practices.
Is Your Firmware Leaving You at Risk?
Connected Platforms can help your Brisbane area business review all your firmware for necessary updates and put a plan in place to keep you protected.
Contact us for a free consultation. Call (07) 3062 6932 or book a coffee meeting online.
