Firmware is increasingly becoming a lucrative target for cyberattackers because of the type of information it stores: sensitive information like credentials and encryption keys. A global survey conducted by Microsoft revealed that a vast majority of companies were victims of a firmware-focused cyberattack.
What’s in the report?
According to a survey by Microsoft, cyberattacks against firmware are increasing rapidly and outpacing traditional cyber defenses. The survey polled 1,000 security decision-makers based in Germany, China, Japan, the U.K., and the U.S.
- More than 80% of companies experienced at least one firmware attack in the last two years.
- Even though firmware-based attacks are growing, only 29% of the security budget is reserved for firmware security.
- Most of the security investments were aimed at vulnerability scanning, security updates, and advanced threat protection solutions.
- Around 21% of decision-makers confirmed that their firmware data goes unmonitored.
Further, NIST's National Vulnerability Database (NVD) has disclosed a five-fold increase in firmware-based attacks since 2017.
The survey discovered that around 46% of companies have invested in hardware-based kernel protections and only 36% have invested in hardware-based memory encryption so far.
- Security teams are mostly prioritizing detection and incident response rather than the prevention of firmware attacks. Only 39% of security teams spent their time on the latter.
- A vast majority, 82%, of respondents reported that they don’t have the resources to allot to more high-impact security work because they are spending more time on lower-yield manual work.
- Around 71% stated that their staff spends most of their time on work that should be automated.
A recent incident
In the previous month, two working exploits were identified for Linux and Windows platforms that could dump LM/NT hashes (Windows) and the /etc/shadow file (Linux) from the victim devices' kernel memory.
From webcams to sound cards to batteries, your computer systems contain a plethora of firmware, so its security cannot be neglected. A major gap has been observed between investment in firmware security and investment in other critical areas of security, which calls for better resource allocation. Experts suggest that timely firmware upgrades can help decrease downtime and increase end-user productivity, and would also free up security teams to work on other projects, letting organizations diversify their security investments accordingly.