Businesses globally are neglecting key aspects of cyber-security: the very basics of protecting computers, servers and other devices from firmware attacks. These attacks are on the rise and give attackers the opportunity to cause irrevocable damage to the heart of the device.
A recent Microsoft survey of 1,000 businesses across industries in the UK, US, Germany, Japan and China indicated that 80% of companies have experienced a firmware attack at least once in the past two years.
This high percentage should prompt businesses to take the threat seriously and put security measures in place to combat future attacks. Yet only 29% of security budgets are allocated to protect firmware. Many businesses are not adequately protecting their systems and data.
So what is a firmware attack? Simply put, cyber-criminals design and use malware that interferes with the firmware in the components of the PC. These attacks are significantly worse bearing in mind that computers contain a wealth of firmware, from webcams to soundcards. By introducing their code, the attacker can bypass the computer’s operating system as well as any software that is used to detect malware. These attacks are extremely dangerous and compromise a device before it is even booted up. Firmware is vulnerable to attack and exploitation because it is not secured by a digital signature, allowing the attacker to infiltrate by attaching their own code. The code works within the system stack and is therefore difficult to find.
MYTH – hackers need to be in physical contact with a computer to infiltrate its firmware.
Regrettably, NO. It can be done remotely and once the code is in the system it can change firmware, infiltrate software and so much more.
Whilst firmware attacks are not as extensive as phishing scams, malware or other cyber-attacks, cyber-security experts and the technology industry as a whole say businesses need to be alert to hardware security. The risks are high: remote control of the computer, exfiltration of data and spying on activity. Attackers gain advantages over traditional attacks by accessing the highest level of privilege, bypassing security, causing irreparable damage and being undetectable.
These attacks are not common on a day-to-day basis but this is mainly due to businesses not knowing they have been infected. However, the National Institute of Standards and Technology (NIST) within the US Department of Commerce has recorded a five-fold increase in firmware attacks in the last four years.
The opportunity for these attacks has massively increased during the recent Coronavirus lockdowns. With more employees working from home and connecting to work servers, hackers see these computers and any connected devices as an opportunity to infiltrate.
Businesses need to realise the importance of their firmware as an asset, making sure it is consistently updated and using security validation tools to ensure any security in place is efficient and protects company data should they suffer an attack. As firmware is typically hidden, it can take months for a business’s IT team to work out that something is wrong. Industry analysts predict that by 2022, 70% of businesses that don’t have a firmware upgrade plan in place will be breached due to a firmware vulnerability.
Attackers are constantly refining their strategies and it is vital that businesses take steps to ensure preventative measures are in place. Whilst software attacks are easy, hackers opt to target firmware, which gives them guaranteed access to company information and encryption keys.
The damage caused can be sizeable but steps can be taken to minimize vulnerability:
- Update firmware regularly
- Buy hardware with built-in protections against firmware attacks
- Don’t use untrusted USB devices – these are highly insecure and dangerous!
This is not just a major issue for businesses; it also calls for hardware and firmware designers to be involved. If they work together, action can be taken to protect their systems. Unfortunately, the industry still has work to do and firmware vulnerabilities are being identified across a range of devices.