Destructive firmware attacks: How to defend your firmware?
Firmware on endpoint computers is often overlooked during regular security patching in organizations, which can give attackers highly destructive capabilities that are difficult for endpoint security tools (e.g. antimalware, EDR/XDR) to detect.
According to research conducted by HP Wolf Security, the transition to hybrid operating models has presented IT teams with major firmware security challenges. Employees increasingly connect remotely from potentially insecure home networks, which has significantly increased the threat level posed by firmware attacks.
Organizations face the major challenge of managing firmware security in a hybrid environment so that they can protect against, detect and recover from firmware attacks.
The growing threat of destructive firmware attacks
Firmware attacks are highly destructive and much more difficult to detect or correct than common malware, and often require professional and even manual intervention. Hybrid operating models increase the cost of firmware protection, since devices are off-site and cannot be accessed by IT teams. In addition, multiple endpoints outside the protection of the corporate network also increase exposure to attacks coming over unprotected networks.
Firmware malware allows an attacker to control the device configuration while bypassing the anti-malware running in the OS, giving stealthy access to infrastructure across the enterprise and the ability to cause massive damage.
The importance of device security
When acquiring devices, many companies ignore security, especially under 'working from home' conditions in which employees buy and connect devices outside the IT department's purview.
In addition, one of the key problems is the use of old devices built according to older standards, which makes it easier for attackers to penetrate the enterprise infrastructure.
With the growing threat of firmware attacks in mind, companies must continuously learn how to monitor device security to minimize firmware attacks and the risks that such attacks carry.
Learn more: Help Net Security