Most of us are now aware of the risk that cybercriminals pose to us, even on a daily basis. We’re aware of the concepts and the jargon – the phishing, the spam, the Trojans and the ransomware – but are people aware of firmware attacks? Apparently not. According to a recent report from Microsoft, over 80% of enterprises surveyed said they’d experienced a firmware attack within the past couple of years, yet only 29% of security budgets are allocated to protect against such threats.
With that in mind, the team here at Nutbourne, a London managed service provider that offers extensive cybersecurity solutions, wanted to take a look at this rising threat in more detail.
What Is Firmware?
First, though, it’s worth looking at what firmware actually is. Firmware is the term for a specific piece of software stored on a device’s hardware so that the hardware runs properly. It differs from most software in that it is ‘fixed’, whereas ordinary software is something users interact with in some way. In other words, firmware represents the core of your hardware.
What, Then, Is A Firmware Attack?
Firmware attacks (which are exactly that, a cyberattack on a device’s firmware) are hard to stop because they’re able to compromise a device before it’s even started up properly. Wait, what? Yes, you read that right – firmware attacks insert a malicious piece of code into the very lowest levels of a device, the parts which regulate the initial boot-up.
How Common Are Firmware Attacks?
More common than you might think is the answer. The stat from Microsoft referenced at the beginning of this blog post gives you an indication of how prevalent these attacks are; what’s more, organised Russian cybercriminal gangs launched notable firmware attacks back in 2018, whilst last year diplomats and NGOs were found to have been targeted by a particular firmware rootkit. These are just two examples of how cybercriminals are leveraging this nefarious technology. If one thing’s clear, though, it’s that these attack types are here to stay.
Common Types Of Firmware Attack Delivery Vector
Firmware attacks can take place through a number of delivery vectors, including:
Rootkits are collections of software used by hackers and other cybercriminals to gain access to an otherwise unauthorised area of a device or a particular area of its software. Rootkits are typically installed through Trojan Horse programs. Rootkits provide hackers with a ‘backdoor’; they can be used to appropriate computers as so-called zombie computers (which can then attack other computers), as well as to conceal other malware.
Bootkits are a particularly dangerous type of rootkit that infect a device’s start-up code; this might include its boot sector, its Volume Boot Record (VBR), its Master Boot Record (MBR) or all three. Bootkits tend to be used in the somewhat dramatically named evil maid attacks. These are attacks in which the kit is loaded physically onto an unattended device, typically via an external drive of some kind, and the bootkit is used to compromise the device’s firmware.
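One defensive check that follows from the bootkit description above, as an added example that is not part of the original post: it hashes the bootstrap-code area of an MBR sector and compares it, together with the partition table, against a known-good baseline. It assumes a legacy BIOS/MBR disk; the sample sectors are constructed in the code, and all function names are illustrative.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA = slice(0, 440)          # bootstrap code in a modern-standard MBR
PART_TABLE_OFFSET = 446            # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"             # bytes 510-511 of a valid MBR
# status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

def inspect_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector into the fields worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFFSET + slot * 16)
        if ptype != 0:             # type 0 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "code_sha256": hashlib.sha256(sector[CODE_AREA]).hexdigest(),
            "partitions": partitions}

def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    current = inspect_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_mbr(code_fill: int) -> bytes:
    """Constructed test sector: filler 'code', one active partition, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[CODE_AREA] = bytes([code_fill]) * 440
    ENTRY.pack_into(sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

KNOWN_GOOD = build_sample_mbr(0x90)    # constructed "clean" sector
BASELINE = inspect_mbr(KNOWN_GOOD)     # record this when the device is provisioned

if __name__ == "__main__":
    print(compare_to_baseline(KNOWN_GOOD, BASELINE))
    print(compare_to_baseline(build_sample_mbr(0xCC), BASELINE))
```

Because rootkits can conceal other malware from the running system, a check like this is more trustworthy when the sector is read from separate, trusted boot media rather than from the installed operating system.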
How You Can Manage Firmware Attack Threats
To gauge fully whether or not your company is at risk, it’s important that you allow an external company such as ours in to audit your current cybersecurity provision. It might be the case that you’re already pretty up to speed, or it might be that you need an entire overhaul.
Our teams will assess your network and all the devices on it, and gauge whether any firmware might be at risk. We will then continue to actively monitor – as with all our cybersecurity solutions – any and all risks on a network, as well as the application of patches and updates, as and when necessary.
One of the easiest things you can do right off the bat, however, is make sure that all your firmware is updated to the latest possible version. These newer versions may contain bug fixes and may help protect against unwanted modification.
A large part of protecting your IT systems is understanding their potential vulnerabilities, and the different ways in which they might be attacked. Our cybersecurity solutions centre not only on active protection, but on client education as well, so that you yourself better understand the risks your IT systems face.
So, if you’d like to find out more about our cybersecurity solutions, then get in touch! Contact Nutbourne today on +44 (0) 203 137 7273. Alternatively, you can fill out one of our online enquiry forms. Or, if you’d rather, why not talk to one of our agents via live chat on our website! However you choose to get in touch, we look forward to hearing from you.