Firmware attacks, a grey area in cybersecurity of organizations

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack.

Microsoft recently published a report that states, titled “March 2021 Security Signals report,” that revealed that more than 80% of enterprises were victims of at least one firmware attack in the past two years. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware.

A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags, but defense spending lags.

The study was based on the contribution of 1,000 enterprise security decision-makers from China, Germany, Japan, the U.K. and the U.S. – showed that most security investments are going to security updates, vulnerability scanning and advanced threat protection solutions.

“The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions.” reads the report published by Microsoft. “Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware is a specific class of computer software that provides the low-level control for a device’s specific hardware.

Firmware is becoming a privileged target of threat actors because it usually holds sensitive information like credentials and encryption keys. This data is confirmed by the National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD) has shown more than a five-fold increase in attacks against firmware in the last four years.

The lack of investments focused on firmware protection, such as Kernel data protection (KDP), or memory encryption, is one of the most worrisome data emerged from the report.

“Hardware-based security features such as Kernel data protection (KDP), or memory encryption, which blocks malware or malicious threat actors from corrupting the operating system’s kernel memory or from reading it at runtime, is a leading indicator of preparedness against sophisticated kernel-level attacks.” continues the report. “Security Signals found that only 36% of businesses invest in hardware-based memory encryption and less than half (46%) are investing in hardware-based kernel protections.”

According to the report, 21% of decision-makers admitted that they are not able to monitor firmware data. 82% of respondents to Microsoft’s survey admitted that they don’t have the resources to allocate to prevent firmware attacks.

The report also highlights the risks of hardware-based attacks like the ThunderSpy attack targeting Thunderbolt ports, which use direct memory access (DMA) feature to compromise devices accessing to the Thunderbolt controller.

Most of the organizations (71%) have their staff wasting time on activities, overall, security teams are spending 41% of their time on firmware patches that could be automated.

Fortunately the level of awareness on firmware risk is increasing driving more invest in this area.

“Eighty-one percent of the German companies we surveyed were prepared and willing to invest, as compared to 95% of Chinese organizations and 91% of businesses in the U.S., UK, and Japan. Eighty-nine percent of regulated industry companies felt willing and able to invest in security solutions, although those in the financial services sector are not quite as ready to invest as companies in other markets.” concludes the report.

“Those that do make the right investments are seeing returns, and surveyed organizations that made a real investment in security saw a big payoff.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, firmware attacks)

[adrotate banner=”5″]

[adrotate banner=”13″]