- Enterprises are underinvesting in firmware security despite a rise in targeted attacks, according to a March study commissioned by Microsoft. More than 80% of enterprises have seen at least one attack against their firmware in the past two years, yet only 29% of security budgets are allocated toward protecting firmware.
- While enterprises are investing in security updates, vulnerability scanning and solutions for advanced threat protection, IT security officials are more worried about the difficulty of detecting malware threats, in part because firmware attacks are hard to catch, according to the report, conducted by the Hypothesis Group. The report is based on interviews with 1,000 enterprise security decision makers in the U.S., U.K., Germany, China and Japan.
- Industry has in recent years seen a rise in attacks targeting firmware and other forms of computing hardware. Russia-backed Fancy Bear, the group that Microsoft dubbed Strontium, launched attacks through firmware and attacked corporate IoT devices. In mid-2020, a campaign known as Thunderspy used the Intel Thunderbolt ports to gain control over direct memory access (DMA).
Firmware provides access to critical information, including credentials and encryption keys, which can be used to compromise systems before anyone realizes an attack is underway.
There has been a five-fold increase in attacks that target firmware over a four year period, according to Microsoft, citing data from the National Institute of Science and Technology. The concern is that IT security officials are still much more focused on protecting against software-based vulnerabilities and not actively monitoring attacks at the hardware level.
"Recently the industry has seen an increase in attacks against firmware and hardware, targeting the sensitive information that lives in a device’s memory, or the kernel," a Microsoft spokesperson said via email. "The reason attackers are targeting these layers of computing is because they live below the operating system and go unmonitored, meaning attackers can lay in wait to encrypt the device and secure the biggest ransomware payout."
Microsoft has been working for several years with technology companies, including chip makers, personal computing firms and other companies, to develop what are called secured-core PCs that are less vulnerable to these types of attacks on the kernel. Microsoft announced plans in March at Microsoft Ignite to extend secured-core to the server and IoT devices.
Intel, which has been working alongside numerous technology companies to enhance hardware security, released a global study in March showing 76% of respondents said it was highly important for a technology provider to offer hardware-assisted capabilities that are designed to mitigate software exploits. The Intel study, conducted by the Ponemon Institute, was based on a survey of 1,875 IT security officials in the U.S., U.K., Europe, the Middle East, Africa and Latin America.