It seems that there is no end to the different areas of attack that businesses need to be prepared for. As soon as you shore up your network security against one type of attack, you find out that a new one is rising rapidly.
One of the latest threats to businesses is a firmware attack. This is an attack on the code that runs the hardware of a device.
The firmware tells computers how to boot, what to do with the operating system, and which users can access the system, among many other things. All technology devices (even your TV remote control) need firmware to tell them how to operate.
A disturbing statistic from a recent Security Signals report from Microsoft is that in the last four years, firmware attacks have had a five-fold increase. Over the last two years, 83% of organizations have experienced a firmware attack.
Why is Firmware a Popular Target?
When security applications get stronger and block the methods of attack that hackers are using, they will often seek out other ways to infiltrate a system.
One of the vulnerabilities that many computers have is a lack of proper firmware protection. Anything running on the operating system environment, such as anti-malware or an advanced threat prevention application can’t detect malware at the firmware layer.
Why?
Because firmware code is stored outside the operating system. It’s at the hardware level, which adds both to a lack of transparency for the user and increased damage capabilities for the attacker.
Why You Should Be Worried About Firmware Security
Firmware Attacks Can Go Undetected
There’s historically been a lack of visibility into the firmware layer by users. This has been by design since computer and server manufacturers don’t want to let users potentially ruin a device by accidentally editing the firmware code.
But that lack of transparency means that if an attacker infects the firmware with a virus, ransomware, or other malware, it can go undetected. Companies may know they have a compromised system, but might not know how the attacker got in. So, the hacker can leave a backdoor open in the firmware and attack again and again.
Many Popular Computers Have Firmware Vulnerabilities
PC manufacturers haven’t historically been great at protecting device firmware. In a report from Wired, researchers detected vulnerabilities that hackers could exploit in 80% of the computers they examined (including brands like HP and Dell).
Users Often Don’t Update Firmware
Most users can’t remember the last time the firmware on their computer was updated. Operating system and software updates tend to be very visible and often will happen automatically.
But firmware updates don’t come nearly as often, and in most cases, users have to go looking for them in a manufacturer’s device application.
This means that devices often have vulnerabilities left unpatched because they don’t realize they need to open an app that they rarely (if ever) use to look for a firmware update.
Firmware Intrusions Can Completely Take Down a Computer
Because the firmware is the “instruction manual” for a computer or server, when an attacker breaches firmware and can rewrite that code, they have complete control over your device.
A hacker can make a computer completely unusable, infect the system with malware, add backdoors for persistent attacks, steal data and user credentials, and more.
How Can You Prevent Firmware Attacks?
Look for Computers with Firmware/Hardware Attack Prevention
Due to the rise in firmware attacks, PC manufacturers have begun taking notice and adding more firmware security to their devices. One example of this is Microsoft’s Secured-core PCs.
When you purchase new hardware, look for firmware and hardware protection as advertised features.
Practice Good Cybersecurity Hygiene
Firmware attacks occur due to the same reasons that other types of attacks happen. Users click on a phishing email, companies don’t properly protect passwords or one of several other lapses in basic cybersecurity hygiene.
You can prevent firmware attacks by using good security practices, such as:
- Keeping computers patched/updated
- Using phishing/spam filtering
- Using DNS filtering
- Conducting employee security awareness training
- Ensuring all devices (even mobile) have a reliable antivirus/anti-malware app
- Monitoring your network for threats
Many cybersecurity best practices can be covered through managed IT services.
Keep Firmware Updated
It’s important to keep all device firmware updated regularly. You may not receive a prompt as visible as that for an OS update, so it’s important to check for device firmware updates regularly to see if any are waiting. Do this for all devices, including your router.
If you use managed IT services, firmware updates will be taken care of for you along with other device updates.
Get Help Assessing Your Firmware Attack Vulnerability
AhelioTech can help your Columbus area business with a full security assessment and make recommendations to ensure your devices aren’t vulnerable to an attack on the firmware.
Contact us today for a free quote. Call 614-333-0000 or reach out online.