Firmware holds a significant place in the hierarchy of systems that operate a computer or server. It sits outside the main operating system because it is the code that tells the operating system to boot up (among other things).
For hardware to function properly, it needs to have a set of instructions. These are for everything from how to handle memory to how to write and store information on a hard drive.
As you can imagine, if someone gains access to the firmware layer, a lot of damage can ensue. Firmware compromise gives someone the ability to rewrite the operating instructions of how your device functions.
The firmware also holds valuable information, including user credentials and permissions. So, if a hacker gains access, they could create a new system user and elevate that user to the highest level of privileges.
Keeping firmware protected should be a major IT priority for your business.
Firmware Becoming a Target
One of the first large attacks that specifically targeted firmware was in 2018. It involved the use of a UEFI (Unified Extensible Firmware Interface) rootkit that led the way for ransomware campaigns and other malware attacks targeting firmware.
The March 2021 Security Signals report from Microsoft notes three alarming statistics:
- 83% of businesses have experienced a firmware attack in the last 2 years.
- Over the last four years, firmware attacks have increased by 5x
- On average, only 29% of security budgets are allocated to firmware protection
Why is Firmware Getting Attacked?
Firmware hasn’t always been such a popular target, but hackers have now figured out how lucrative firmware attacks can be. At the same time, organisations are still behind on their security protections for device firmware.
Hackers are going after firmware for many reasons, and knowing these can help you better fortify your own cybersecurity safeguards.
Attacks Can Go Undetected
When an attack or malware infection happens at the firmware level, the operating system often isn’t aware of it. Firmware is on a higher level, which clouds the user’s visibility into what’s happening with the firmware.
When you use an antivirus or anti-malware program, it’s installed on the operating system, so that’s where it can monitor to detect intrusions. However, it cannot see beyond the operating system and thus can’t detect firmware threats.
Attacks Can Be Persistent
The level of stealth that a firmware attack offers allows hackers to maintain control of a device for a long period. They can gather information, use a server for their own means and continue a persistent attack.
Firmware Attacks Can Cause Significant Damage
When they’ve compromised the firmware of a device, hackers can do major damage because they’re basically in control of how the device functions and of high-level information, such as user credentials and privileges.
Some of the types of controls a hacker can gain through firmware include:
- How a system boots
- How a system patches its operating system
- Ability to read privileged data off hardware
- Control of system assets hidden to the operating system
Companies Aren’t Paying Attention to Firmware Security
Another reason firmware is getting attacked is that most organisations don’t have it on their IT security radar. They don’t have a regular firmware update schedule and haven’t looked into firmware-specific security measures, which differ from those for operating systems and cloud software.
Hackers go for the path of least resistance, and until companies begin better protecting firmware, these types of attacks will continue.
What Can We Do to Prevent Firmware Breaches?
Look for Hardware Manufacturers With Firmware Protections
There are certain things you have control over when it comes to firmware security; others are in the hands of the hardware developer. However, you can choose to look for hardware from developers that understand the importance of protecting the firmware layer.
When choosing computers or servers, ask about firmware-level protection. You can see one example of this with Microsoft’s new Secured-core PCs.
Keep Firmware Updated
Don’t leave firmware out when scheduling your OS and software updates. While firmware may not need updating as often, it’s just as vital to install updates and security patches as they are released.
Look for firmware update notices for:
- IP security cameras
- Other IoT devices
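The following Python script is an added example, not part of the original article. It reads what a Linux host exposes about its platform firmware (vendor, version and release date from sysfs, plus UEFI and Secure Boot state) so that firmware can be tracked on the same schedule as OS patches. The Linux sysfs layout, the 365-day review threshold and the `needs_review` flag are assumptions made for illustration.

```python
import datetime
from pathlib import Path

# UEFI global-variable GUID used in the efivarfs file name for SecureBoot.
SECURE_BOOT_VAR = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def _read(path):
    """Return stripped file contents, or None if the file is absent or unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def firmware_report(sysfs_root="/sys", today=None, max_age_days=365):
    """Collect what the OS can see about platform firmware on a Linux host."""
    root = Path(sysfs_root)
    dmi = root / "class" / "dmi" / "id"
    report = {
        "vendor": _read(dmi / "bios_vendor"),
        "version": _read(dmi / "bios_version"),
        "release_date": None,
        "age_days": None,
        "uefi_boot": (root / "firmware" / "efi").is_dir(),
        "secure_boot": None,  # None = unknown (legacy boot or variable unreadable)
    }
    raw_date = _read(dmi / "bios_date")  # usually MM/DD/YYYY
    if raw_date:
        try:
            released = datetime.datetime.strptime(raw_date, "%m/%d/%Y").date()
            today = today or datetime.date.today()
            report["release_date"] = released.isoformat()
            report["age_days"] = (today - released).days
        except ValueError:
            pass  # vendor used a non-standard date format; age stays unknown
    try:
        # efivarfs layout: 4 attribute bytes, then the variable data (1 byte here).
        path = root / "firmware" / "efi" / "efivars" / SECURE_BOOT_VAR
        data = path.read_bytes()
        if len(data) >= 5:
            report["secure_boot"] = data[4] == 1
    except OSError:
        pass
    # Assumed policy: review if the age is unknown or too old, or Secure Boot is not on.
    age = report["age_days"]
    report["needs_review"] = (age is None or age > max_age_days
                              or report["secure_boot"] is not True)
    return report


if __name__ == "__main__":
    for key, value in firmware_report().items():
        print(f"{key}: {value}")
```

The report only reflects what the firmware tells the operating system, so it is an inventory aid for update scheduling, not a check that the firmware itself is intact.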
Don’t Forget Ongoing Cybersecurity Awareness Training
There’s no replacement for good employee cybersecurity hygiene. This involves knowing how to spot phishing emails and phishing through other means, like social media or SMS.
Employees should also know what constitutes password management best practices, how to properly secure their devices, and have a way to report any suspicious emails or system behaviors that could indicate malware.
Get Expert Help Keeping Your Firmware Secure & Current
NMX IT Solutions can help your Thames Valley area business ensure that your firmware isn’t left open to being breached.
Contact us today to schedule your consultation! Call 01628 232300 or reach out online.