According to a Microsoft report on firmware attacks from March 2021, 80% have encountered at least one firmware attack in the last two years. This is a sharp rise in firmware attacks globally, yet firmware defence receives less than a third of security budgets.
Firmware attacks are difficult to combat. In 2018, the state-sponsored hacking group APT28, also known as Fancy Bear, was discovered using a UEFI rootkit to attack Windows PCs. RobbinHood, Uroburos, Derusbi, Sauron, and GrayFish are examples of attacks that rely on hardware drivers. There is also ThunderSpy, a theoretical attack aimed at Thunderbolt ports.
Expert Opinion – Rise in Firmware Attacks in 2021
Asaf Karas, Chief Technical Officer at Vdoo, says:
Firmware developers and OEMs can enhance their firmware and system security by design, rather than relying on external safety mechanisms implemented at the OS level to prevent exploitation.
This can be achieved by constantly analysing the firmware security posture in the SDLC process, more specifically in its development state before delivery, as this is the state in which attackers look for flaws.
Firmware analysis tools help manufacturers and asset owners identify security vulnerabilities early in the process, making remediation faster and less costly.
Sr. Product Manager at OneLogin says:
End-user devices, whether controlled or not, have become the new IT framework, and with the change to operate from almost anywhere, both IT and security teams must understand the increased threat environment, both at the software and firmware tier of such devices. This is why, now and in the future, adopting a Zero Trust Security model is important. Before granting access to sensitive services, you must not only verify the end-user’s credentials but also determine the confidence status of the devices. It will be strengthened by combining it with outlier detection across system nodes and proceeding to extend the detection performance.
Microsoft Windows 10 New PCs
Last year, Microsoft introduced a new line of “Secured-Core” Windows 10 PCs to fight malware that interferes with the code that boots a computer. Microsoft Defender ATP also now contains a UEFI scanner that searches for malware within the firmware configuration.
However, according to a study conducted by Microsoft’s Hypothesis Group, businesses aren’t taking global firmware attacks seriously enough.
Security upgrades, vulnerability testing, and advanced threat protection technologies are all receiving current investment, according to the report.
It’s important to note that Microsoft is marketing its “emerging class of secured-core hardware”, which includes the Arm-based Surface Pro X with the SQ2 processor, which starts at $1,500, and HP’s Dragonfly laptops, which start at $2,000.
However, the company doesn’t have a legitimate argument. Firmware is a layer under the operating system that stores passwords and private keys in memory, hidden from antivirus protection.
Microsoft Report on the Rise in Firmware Attacks
The concern is whether network administrators are paying enough attention to possible future attacks. According to Microsoft, they aren’t. The Security Signals report found that 36% of companies invest in hardware-based memory encryption and 46% in hardware-based kernel defences.
Microsoft’s research reveals that security teams are focusing on “protect and detect” security models, with just 39% of security teams’ time spent on prevention.
According to Microsoft, one example of this obsolete paradigm is the lack of constructive security spending in kernel attack vectors.
The Rise in Firmware Attacks and Covid-19
The COVID-19 pandemic has caused a great deal of fear, anxiety, and a significant shift in our way of life. Organizations have had to respond to the demand for remote working on a large scale and at a rapid pace. Many businesses have been forced to restructure their physical offices and policies, which were put in place in a rush to allow workers to operate from home without the requisite preparation or planning. Most of these businesses and organisations have no plans in place to deal with such a large and abrupt shift in such a short period.
Because of the evolving cyber threats and security incidents affecting vulnerable people and networks across the world, cybersecurity during the coronavirus disease 2019 (COVID-19) pandemic is a very serious concern. The emphasis of this paper is on the cybersecurity problems that have arisen in different environments as a result of the global pandemic.
The Most Popular Methods For Attacking Your Computer
Scams and phishing, malware, and DDoS attacks are the three types of cyberattacks that occurred during the pandemic.
Phishing and Scams
Various forms of scams and phishing are the most widespread and successful attacks during this pandemic. Phishing attacks, in particular, have a success rate of 30% or higher.
It’s highly worrying that an attacker needs only a tiny portion of clicks to make a profit or achieve other goals. As a result, delivering thousands of emails to victims requesting funding assistance from the government, their employers, banks, and other sources would yield immediate and massive rewards.
In the first quarter of 2020, coronavirus-related phishing email attacks increased by 600%. Cybercriminals also use more advanced methods to entice victims, such as encrypting their websites with HTTPS encryption protocols.
In fact, approximately 75% of phishing sites use SSL. Webmail and Software-as-a-Service (SaaS) users are also the most related to the various phishing fields.
Malware
Computer viruses, worms, Trojan horses, spyware, and ransomware are examples of malware. During the pandemic, cybercriminals and APT groups took advantage of the opportunity to threaten vulnerable individuals and systems by sending malware through emails and websites.
In fact, 94% of computers infected with malware were infected through email. For organisations that are deeply responsible for dealing with the pandemic, specific forms of malware, such as ransomware, would be more powerful.
Distributed Denial‐of‐Service (DDoS)
A DDoS attack is also known as the most undefendable cyberattack today due to its ease of execution and effect on the victim. Unlike conventional denial-of-service attacks, a DDoS attack uses various attack channels and multiple hosts to initiate a synchronized denial-of-service attack against one or more targets, potentially amplifying the attack power and complicating security.
During the pandemic, JISC, the UK’s university Internet service provider, was subjected to a DDoS attack, which interrupted students’ and staff’s access to university IT services and the Internet. It’s also worth noting that DDoS attacks are threatening healthcare organisations.
Final Word
The good news is that as people become more aware of the risks to firmware, they are more likely to invest in safeguards.
Cybersecurity problems during the COVID-19 pandemic were debated and examined. The report highlights and summarises notable cyberattacks and vulnerabilities. There is a discussion of a variety of realistic approaches to reducing the threats of cyberattacks. It also includes potential mitigation strategies.
Cybercriminals and APT organisations have taken advantage of the pandemic by attacking vulnerable individuals and networks. Besides that, it is unlikely that this condition will improve soon. For a variety of reasons, healthcare institutions have become one of the most common targets of cyberattacks since the pandemic.