Cybersecurity planning is often like hitting a moving target. Forms of attack are always changing and what may be a low priority today may be a new emerging attack vector tomorrow.
Hackers are always scanning for the best opportunity for attack. So, the way things generally play out is that attackers find a new vulnerability, companies and their IT professionals respond by fortifying that area, then hackers go looking for another area they can target.
Recently, that new area of vulnerability is device firmware. Attacks began being noticed on a large scale in 2018, then a major malware attack occurred that originated from a UEFI rootkit. UEFI stands for Unified Extensible Firmware Interface, and along with BIOS firmware, it’s one of the main firmware types running a computer or server.
As usually happens, once a successful attack occurs in a new or unexpected way, other attackers are on the scene trying to replicate it.
This is seen in the statistics over the last four years that show a five-fold rise in ransomware attacks. Additionally, in the past two years, 83% of companies have been hit with a firmware attack (and they may not even know it!)
Is your firmware in danger?
Let’s dive into why firmware attacks have become so prevalent and what you can do to protect yourself from a firmware breach.
What Does Firmware Do?
Let’s begin with the basics, understanding what firmware is and why it’s so important to your computer, server, router, or other IoT device.
Firmware is a type of software that gives hardware its operating instructions. The firmware will tell a graphics card how to work. It also tells your computer or server how to boot and how to load the operating system.
Other types of standard instructions include how to handle security patches, who is a legitimate user, and what their privilege level is.
Firmware is vitally important, and it lives at a level above the operating system of a device. It’s the code that allows your hardware to function.
Why Are There So Many Firmware Attacks?
Firmware is Often Out of Mind
Firmware is often out of sight and out of mind. It’s often not included when businesses are planning their OS and software update strategy for IT security.
It also doesn’t get updated as often by manufacturers, and when it does have an update, it doesn’t make a big deal out of it like OS updates. In many cases, users don’t even realize they have a firmware update available on their computer.
This lack of awareness about firmware vulnerability is one of the factors that has led to the rise in firmware attacks. Companies are not paying as much attention to protecting firmware as other areas of their network. But that’s just one reason firmware attacks have been running rampant.
Firmware Offers a Veil of Secrecy
Manufacturers haven’t always been great about giving visibility into the firmware layer. It’s sometimes considered something that is “hardcoded” and that is not really going to change much, so why would users need to have access?
However, in today’s cyber threat landscape, firmware vulnerabilities are more prevalent than ever, and not having visibility into the firmware layer means that companies have a hard time detecting attacks.
Hackers love this fact and take advantage of the position of firmware outside the operating system layer. This means that the operating system and any anti-malware programs running within it, can’t see out into the firmware area.
This allows hackers to go undetected for months or longer, and to continue perpetrating attacks going unnoticed.
Firmware Offers High-Level Privileges
When malware is released in the firmware layer of a system, it can do a lot of damage because the hacker can re-write the instructions for many hardware tasks.
This includes the ability to:
- Tell the system how to boot the operating system.
- Remove certain security features so they don’t run on boot.
- Change how security patches are applied within the operating system.
- Create system users and control user privilege levels.
Steps for Protecting Your Business from Firmware Attacks
Keep All Firmware Updated
It’s vital to keep your firmware updated regularly. This includes checking for updates and updating firmware in all types of devices, such as computers, servers, Wi-Fi routers, printers, networking components, and any IoT devices you use.
Look for Firmware/Hardware Protection in New PCs
Manufacturers are beginning to understand the need to protect firmware and offer more visibility into that layer so companies can detect when there is a firmware breach.
A couple of PC types that include extensive protections for firmware include:
Keep Employees Properly Trained
Firmware attacks happen like many other types of system attacks, which are through phishing emails that link to malicious sites or contain dangerous file attachments.
Keep employee security awareness training as a high priority to help thwart firmware attacks and several other types of breaches.
Need a Firmware Security Assessment?
Unity IT can help your Fresno area business ensure your firmware isn’t left vulnerable. We can do a full assessment of your devices, apply any outstanding patches and updates, and give you a game plan for the future.
Contact us today to schedule a technology consultation at 559-297-1007 or reach out online.