Firmware attacks become more common and sophisticated

HP Inc. (NYSE: HPQ) shares HP Wolf Security’s research, which shows that changes in the way organizations work are creating new firmware security challenges for IT teams. With hybrid working increasingly the norm, IT managers say it’s harder than ever to defend against firmware attacks.

The shift to hybrid work has changed the way organizations manage endpoint security and also revealed new challenges around device firmware security. The global HP Wolf Security Survey of 1,100 IT managers reveals the following:

The threat of firmware attacks is a growing concern for IT managers as hybrid employees increasingly connect from home networks:

  • Due to hybrid work, there is a greater risk of connecting through insecure home networks, which leads to an increase in firmware attacks.
  • 83% of IT managers say that firmware attacks on laptops and PCs are a threat.
  • 76% of ITDMs say firmware attacks on printers are a threat.

Managing firmware security becomes more difficult and takes longer, leaving organizations more vulnerable:

  • 67% of IT managers say that protecting, detecting and remediating firmware attacks has become more difficult and time-consuming due to the increase in working from home.
  • 64% say analysing firmware configuration security has become more difficult and time-consuming.
    As a result, 80% of IT managers are worried about endpoint firmware attacks.

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., explains:

“Firmware attacks are much more difficult to detect or fix than typical malware. Often, expert and even manual interventions are required to remedy this. This significantly increases the cost and complexity of recovery, especially in hybrid environments where devices are not on site and IT teams do not have access to them.”

“At the same time, we are seeing an increase in destructive attacks – such as wiper malware. Last year, our research team saw attackers investigate firmware configurations, likely with the intent of exploiting unsecured configurations and for financial gain. Once an attacker is in control, he can exploit his position to gain persistence and hide from anti-malware solutions that are in the operating system (OS). This gives an advantage, as it allows them to maintain control over devices and gain access to the infrastructure of the entire enterprise.”

Despite the obvious risks that firmware attacks pose to organizations, device security is not always an important consideration when purchasing hardware. Many organizations continue to use technologies that are not built with proper security. This problem is exacerbated by the new shadow IT, where employees, out of sight of IT, purchase devices to work remotely. HP Wolf Security’s Out of Mind and Out of Sight report shows that 68% of office workers who have purchased equipment to work remotely say that security has not been an important consideration in their purchase. In addition, 43% have not had their new laptop or PC checked or installed by IT or security.

Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs, said: “Security must become part of the procurement process for new IT equipment. State-of-the-art device security provides protection for firmware from malware and physical tampering, with OS detection and hardware recovery itself, but this will only help address the issue for organizations that know how to ask the right questions when purchasing new devices.”

HP warns that one of the biggest problems organizations face is that they still rely on legacy equipment built to older industry standards. Security was not a focus of hardware and firmware at the time, leaving a security hole that will take years to close.

Balacheff concludes: “As attackers continue to invest in the capabilities to attack PCs and other OT and IoT devices at firmware level, organizations need to learn how to monitor the security status of devices and adapt their procurement policies to security requirements. This is to stay ahead of threats and to secure, detect and remedy firmware attacks in the era of hybrid work.”

About the author: Mia Patel

Mia Patel is an investigative journalist with a passion for unveiling the truth behind complex security breaches. With a background in investigative reporting and a knack for meticulous research, Mia has a track record of exposing corporate misconduct, government cover-ups, and online scams.
