There have been a growing number of attacks on an area of a device that tends to be hidden from users, device firmware.
Over the last four years, firmware attacks have risen by 5x and in the last two years, it’s estimated that 83% of businesses have been hit with a firmware attack. Only, many companies don’t realize they have been attacked and may have a backdoor that’s been added to a server or PC.
The rise in threats to the firmware of devices is particularly troubling because it’s an area that many companies don’t prioritize in their cybersecurity planning. Firmware updates are often left undone, and some businesses aren’t completely sure what firmware is or why it’s a dangerous place for a hacker to breach a system.
It’s important to understand why firmware is such a rich target for attackers and the steps you can take to better protect your devices and network.
Firmware Explained: What Is It?
So, what is firmware, exactly? It’s a type of software but very different from the ones you normally use for things like word processing, or other business tasks.
The firmware provides operating instructions for the hardware of a device. It will tell a computer how to boot and load the OS. It also tells hardware how to communicate with other hardware, such as the device’s hard disk or solid-state drive.
All types of electronic devices need firmware to function, including computers, servers, printers, routers, smart appliances, and even your TV remote.
The flash ROM (read-only memory) is where firmware is stored. Firmware lives outside the operating system of the device. This is by design so it’s not readily accessible by the user because it would be really bad if a user accidentally did anything to change the firmware code. It could cause the device to stop operating properly.
However, this lack of transparency into the firmware layer of a device is one of the reasons why hackers are attracted to breaching it.
Does Firmware Get Updated Often?
The firmware does get updated, but not as often as other components of your computer, like the software and operating system. Those updates come for the same reasons as other updates, to install urgent security patches, bug fixes, or enable new features.
Users will often miss firmware updates because it’s not always obvious that an update is waiting. It often requires going into the manufacturer’s app on a device to find and install the update.
And when it comes to devices like routers, which are vital to a company’s network security, updates can go years without being installed, because people don’t usually log in regularly to their router settings.
This is yet another reason hackers are going after firmware with a vengeance right now.
Why Are Hackers Attracted to Firmware?
Firmware Offers High-Level Access to a Device
When a hacker breaches the firmware of a device, they have access to high-level privileges and can even impact the operating system. For example, changing the instructions on how operating system updates are applied, can leave vital security patches undone.
Firmware is also often where user credentials are kept. This allows hackers to not only gain access to user logins but also create their own users with high-level device privileges.
Firmware Has Several Options for Attacks
When firmware first began being a noticeable target for hackers, back in 2013-2016, it was mainly used to plant back doors, allowing hackers to gain entry to a computer or server anytime they liked to steal information.
Then as attackers realized they could do more in the firmware layer without being detected, they began planting ransomware and other types of malware in firmware. Because the firmware is the operating instruction manual for a device, it offers hackers several options for devastating attacks.
Hackers Can Hide from the User
Because of the built-in opaque nature of firmware, attackers can often hide and fly under the radar. Anti-malware programs installed in an operating system, can’t see into the firmware layer, so they’re unable to detect intrusions.
In some cases, Companies may know they’ve been breached in some way, but can’t identify where the breach occurred because of the lack of transparency.
What Can We Do to Protect Against Firmware Attacks?
The steep rise in firmware attacks and the fact that a breach of this kind can be particularly damaging makes it a priority to safeguard your hardware.
There are a few different ways you can help defend against an attack on your company’s firmware:
- Buy Hardware With Firmware-Level Protection: Companies like Microsoft and HP are bringing out PCs that have zero-trust security measures built-in as well as more visibility into the firmware layer. When purchasing new computers/servers, look for hardware-level safeguards like this.
- Keep Firmware Updated: It’s vital to include firmware in any patch and update management plan. The easiest way to do that is through managed IT services.
- Conduct Ongoing Security Awareness Training: Firmware attacks originate the way other types of attacks do, which is largely through phishing emails. Keep users well-trained in identifying phishing to safeguard against a breach.
How Secure Is Your Device Firmware from Attack?
Unbound Digital can help your Johnson City, Tennessee business with a full cybersecurity review to identify any firmware vulnerabilities and recommend solutions.
Contact us today to schedule a consultation. Call 423-335-2461 or reach us online.