Microsoft yesterday released a Security Signals report which shows that firmware attacks are on the rise, and detailed how they were working to help eliminate this entire class of threats. Some key points from the study include:
- Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks targeting areas of computing that don’t have the protection of the cloud. New data shows that firmware attacks are on the rise, and businesses aren’t paying close enough attention to securing this critical layer.
- Firmware, which lives below the operating system, is emerging as a primary target because it is where sensitive information like credentials and encryption keys are stored in memory. Many devices in the market today don’t offer visibility into that layer to ensure that attackers haven’t compromised a device prior to the boot process or at runtime bellow the kernel. And attackers have noticed.
- Lack of automation is another factor causing organizations to lose time and detracting from building better prevention strategies. Seventy-one percent said their staff spends too much time on work that should be automated, and that number creeps up to 82% among the teams who said they don’t have enough time for strategic work. Overall, security teams are spending 41% of their time on firmware patches that could be automated.
<p><span lang=\"EN-US\">Firmware attacks can be extremely effective as they target the code controlling both the hardware and the software before it boots. This makes it challenging to mitigate against as it can often bypass drive encryption or even antivirus. Firmware attacks mean security needs to focus on being proactive rather than a legacy, reactive approach of protecting. Working together with Microsoft enables more machines to be more secure. Firmware patches are, as always, essential but streamlining them to become more automated will speed up this process and help businesses focus on other areas of information security.</span></p>
<p>The report does not surprise me at all. End-user devices, whether managed or not, are the new IT perimeter, and with the paradigm shift to work from anywhere, both IT and security teams \"need to consider the added threat landscape, both at the software and firmware level of these devices. This is why implementing a Zero Trust Security model is crucial now and into the future. It’s not enough to just validate the end-users\’ credentials, you must evaluate the trust status of the devices as well, before granting access to critical resources. Coupling it with anomaly detection across device endpoints and continuing to expand the detection capability will help strengthen the protection required for this new frontier.</p>