Cyber security: A big concern for business
Microsoft recently released a study alleging that companies around the world are ignoring a critical part of cyber-security. They need to secure laptops, routers, and other equipment from firmware attacks. Its survey of 1,000 cyber-security decision-makers at companies spanning various sectors in the UK, US, Germany, Japan, and China found that 80% of businesses had at least one firmware attack in the previous two years.
Before we move ahead and talk about the cases. We should understand firmware.
What is firmware and how it attacks?
Firmware is a form of permanent software code used to monitor all of the hardware components in a computer. Cybercriminals are increasingly developing malware that silently tampers with the firmware in motherboards. It gives direction to the PC when to boot up, or with the firmware in hardware drivers. Since the firmware code is in the hardware and is a layer below the operating system, this is a clever way to avoid a computer’s operating system or other program intended to detect malware.
Cases of firmware attacks
In the past two years, there are some firmware attacks uncovered, such as RobbinHood, ransomware that uses firmware to achieve root access to a victim’s machine and then encrypts all data before a Bitcoin ransom was charged. In May 2019, this malware took the data of many US city governments hostage.
Thunderspy is an attack that makes use of the direct memory access (DMA) feature that PC hardware components use to communicate with one another. An attacker can read and copy all data on a device without leaving a trail. The attack is possible even though the hard drive is secured, the computer is closed, or set to sleep.
- Pandemic accelerated the issue
According to Gabriel Cirlig, a security researcher with the US cyber-security company Human, firmware attacks are less likely to hit customers, however large corporations should be cautious. It is only effective against large organizations since they would attack particular types of motherboards and firmware. Cybercriminals target operating systems and popular software because they only make money if they get maximum number of end user. Firmware attacks are less frequent and more difficult to execute. The coronavirus pandemic has exacerbated the problem. The pandemic has resulted in an increase in the number of computers connected remotely to vital enterprise network networks. The National Institute of Standards and Technology (NIST), a US Department of Commerce body, is constantly updating a National Vulnerability Database (NVD) with new security vulnerabilities. In the past four years, the database has seen a fivefold surge in attacks on firmware.