There has been a troubling rise in the number of attacks that target the very operating instructions that make a device function. The firmware layer sits outside of the operating system and holds most of the control over how the hardware interacts with other software (like an operating system).
Over the last four years, attacks on device firmware have increased by 500%. And over the last two years, 83% of companies have experienced a firmware attack. Many of them are completely unaware that the attacks even happened.
Firmware is not as easy to monitor for threats as other areas of a system. It has also been largely neglected in cybersecurity budgets. The average allocation for hardware-level protection is just 29%.
What is Firmware?
Most people have heard of firmware but aren’t exactly sure what it is. They may think it is something that is attached to a graphics card or some other internal function.
Firmware is the operating manual for hardware. It tells your system how to boot an operating system and how to interact with other system software and components. Firmware is different than other types of software in a few ways:
- It sits outside the operating system.
- It is not typically accessible to users (other than to apply an update).
- Activity that happens inside the firmware layer can be invisible to the operating system.
- Standard antivirus/anti-malware programs can’t detect firmware attacks.
Why Are Firmware-Level Attacks Too Dangerous?
Attacks at the Hardware-Level Have Been Rising.
One of the things that makes firmware something that should move to the top of your IT priority list is that hackers have moved it to the top of theirs.
Attackers have realized that firmware is not as protected as other areas of a PC or server. So, they are taking advantage and attacking firmware in large numbers.
The rise in these types of attacks took off after high-profile malware campaigns directed at firmware (such as Trickbot and WannaCry) were in the news. An example was a 2018 attack that incorporated a UEFI rootkit (UEFI is Unified Extensible Firmware Interface).
When Firmware is Manipulated, It Can Cause Major Damage
Since the firmware in a device holds such a high-level role, when that code is re-written, it can cause major damage. It can even make a computer or server completely unusable (known as “bricking” a computer).
Some of the common activities that happen when hackers infiltrate firmware are:
- Spying on your activity
- Stealing data
- Taking control of a computer
Recoding the firmware layer can do things like stop the operating system from booting correctly, change how an update is applied to the OS and create unseen backdoors that allow for persistent attacks that can go on for years.
Firmware Has Several Weaknesses
Attackers are always looking for the path of least resistance into a system and the firmware offers an attractive one.
Manufacturers historically have not built much protection into device firmware. A report from Wired showed that researchers found vulnerabilities in as many as 80% of the PC's examined (even those from big names like HP and Dell).
Another weakness is that firmware often goes without having vital updates installed. Updates are not as noticeable for device firmware as they are for software and operating system updates. Users can easily overlook them.
Attacks at the Firmware Level Often Go Undetected
There is a lack of transparency between the firmware and operating system layers. In most cases, the OS and any software running within it (like an anti-malware program) can’t see out to the firmware layer.
This means that attacks and malware planted in firmware are very difficult to detect. A company may know that a system has been compromised, but due to lack of visibility, may not know where the malicious code is or how to remove it.
Protections You Can Put in Place to Prevent a Firmware Breach
Ongoing Employee Security Awareness Training
Firmware breaches happen through phishing attacks just like other types of breaches. It is important to keep your team well-trained on how to spot phishing and the latest tactics being used.
Being well-trained requires ongoing exposure to IT safety tips and guidelines rather than just an annual training. This can be done in an engaging and effective way through things like cybersecurity videos, infographics and more.
When Purchasing Hardware, Make Firmware Safety a Priority
Not all hardware is created equal when it comes to firmware-level protection. You can significantly reduce your risk of attack by looking for computers and servers that are designed with additional safeguards for the firmware.
These will include built-in zero-trust safety measures as well as more visibility to see into the firmware layer for breach detection purposes.
Two manufacturers making efforts in this area are:
Keep Firmware Updated
It is important to keep your firmware updated just like you should do for your devices’ operating systems and software.
Since firmware updates can be more difficult to notice or locate, it is a good idea to sign up for a managed IT services plan that includes all of your device updates (including firmware) as well as other maintenance, support and security needs.
Get Help Assessing Your Firmware Security
Sound Computers can help your Connecticut business review your firmware protections to see where your business may be vulnerable.
Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.