Microsoft has expressed its concern by releasing the latest Security Signals report for March 2021, which shows that 80% of organizations have experienced one firmware attack during the last couple of years. It claims that this is because these organizations are not allocating enough funds to protect firmware.
If you are wondering about firmware attacks, the most popular one was the Fancy Bear attack in 2018, which used a Unified Extensible Firmware Interface (UEFI) rootkit and targeted many Windows PCs across the globe. Other examples of firmware attacks include Derusbi, GrayFish, ThunderSpy, RobbinHood, Sauron, and many more. These attacks are considered dangerous because they can tamper with the code of the hardware, especially the motherboard.
In response to such firmware attacks, Microsoft came up with the “Secured Core” Windows 10 PC, which does not allow any sort of malware to alter the ROM within the hardware. Secured-core hardware includes the Arm-based Surface Pro X and HP’s Dragonfly laptops, which can set you back by at least $2000. Microsoft also incorporated a UEFI scanner module into its Defender application to detect any sort of malicious software.
However, Microsoft believes that these measures are not enough and that enterprises must take firmware attacks more seriously than ever. The latest study, conducted by Hypothesis Group, highlighted the fact that organizations are focussing only on security updates, advanced threat protection solutions, and vulnerability scanning, without being concerned about firmware security. The report also stated that 46% of the organizations surveyed are looking for hardware-based kernel protections, while 36% have already invested in hardware-based memory encryption.
Microsoft also states that “Many devices in the market today don’t offer visibility into that layer to ensure that attackers haven’t compromised a device before the boot process or at runtime below the kernel. And attackers have noticed.”
This is true because firmware is a type of software that, unlike your apps, programs, and drivers, does not constitute a part of your operating system. It is software within the hardware that stores very critical information like credentials and encryption keys. Above all, this software does not get scanned by antivirus software.
To summarize, the study released by Microsoft points out that the current security model does not focus on preventing potential threats to the system but is instead based on detecting them and then protecting against them. The study included 1000 organizations, of which approximately 82% stated that they already had a lot of tasks on their plate, like patching, hardware upgrades, managing vulnerabilities (internal and external), etc., which consumed all of their allocated resources.