Understanding the Threat of Firmware Attacks

There are many different cyber-threats that organisations must be aware of in today’s world. One specific type of cyber-attack that has become more common of late is firmware attacks.

Firmware is a specific type of software code that is used to control various hardware within a computer. For example, firmware within a motherboard can control basic commands, such as when the device should start up.

According to Microsoft’s March 2021 Security Signals report—which surveyed over 1,000 organisations around the world—80 per cent of respondents said that they had experienced at least one firmware attack in the last two years. The study also found that only 29 per cent of cyber-security budgets allocated funds to protect firmware from attacks.

Attacks on firmware utilise malware in order to tamper with key components of a computer, such as the aforementioned motherboard or hardware drivers. These types of cyber-threats can be particularly difficult to detect due to the fact that firmware is at a layer within the device deeper than the operating system itself. As such, this type of attack may be able to bypass software designed to detect malware, as well as the entire operating system.

Firmware attacks are not often aimed at individuals, but larger firms should take the potential threat seriously. This method is more complicated for a cyber-criminal to utilise, but the coronavirus pandemic may have accelerated hackers’ use of such attacks. In order to protect your organisation from a firmware attack, consider these steps:

  • Update—Industry experts say that part of the reason for firmware vulnerabilities is that updating and patching potential security weaknesses is more complicated than doing so for software. Despite that hurdle, it’s important for organisations to take this step.
  • Consider new equipment—As the tactics of cyber-criminals continue to evolve, so too are defences. Given the recent rise in firmware attacks, some manufacturers are adding advanced security protocols to hardware that specifically address firmware security.
  • Be careful with USBs—USB devices have their own firmware. Plugging an infected USB into a computer will provide the malware with an easy path to spread.

For more information on firmware attacks and other cyber-security solutions, contact us today.