wonderfully unique software solutions

Firmware hackers target embedded systems and IoT apps

Microsoft’s report of a a rise in firmware attacks partly reflects the rise of embedded systems and the Internet of Things (IoT), according to Richard Gall, blogging for cybersecurity vendor Macrium.

Gall said that Microsoft found that around eight in ten enterprises have suffered at least one firmware attack over the past two years. Firmware contains sensitive core information, such as encryption, that can make it a valuable target.

“[But] one trend not mentioned in [Microsoft’s] blog post is the growth of embedded systems and IoT. We can see this in the rise of a certain type of consumer product (think FitBits and Apple Watches) but the real boom is happening in industrial settings.

“As machinery becomes increasingly more connected and network enabled, accessing firmware could grow even further in value, as it could potentially give cybercriminals or cyberterrorists access to vital infrastructure.”

Microsoft said that businesses aren’t paying enough attention to firmware threats, with only 29% of security budgets allocated to defending firmware.

Gall agreed the industry could focus more on firmware issues, which can often be overlooked. Hopefully, this could encourage vendors to work out how to deliver “more sustained” defences.

“It’s nevertheless important to recognise we’re living in a world where the challenges are so complex and global that they will need to be driven by organisations like Microsoft working with hardware manufacturers,” Gall said.

Firmware programs sit between the operating system and the hardware, bridging those two critical building blocks of IT.

“In very simple devices, the firmware actually is the operating system. If all that a user needs is a way to interact with the specifics of the hardware, then firmware is sufficient,” said Gall.

Part of what’s needed is visibility into the firmware layer to ensure devices haven’t been compromised before boot-up or at runtime below the operating-system kernel. Most firmware attacks target the kernel or the physical hardware.

“The fact that so many cybersecurity teams are doing things manually that could be automated (82%) does require serious thinking,” said Gall.

Read the full explainer.

( Photo by Andres Urena on Unsplash )

Recent Articles

Agreement management vendor DocuSign to add AI with Lexion buy

Cloud documentation management software company DocuSign has agreed to acquire Lexion, rolling the latter's AI capabilities into its DocuSign Intelligent Agreement Management...

LastPass urges SMBs to tackle human cyber vulnerabilities

SMBs are more proactive yet still aren't patching cybersecurity gaps caused by the "human factor" -- that is, based on human psychology...

Four core GFI business manager applications add AI co-pilot

GFI Software has integrated AI co-pilot capabilities into four of its key business-focused applications with a view to optimised network performance and...

Extended detection and response (XDR) has become vital, says Stormshield

Extended detection and response technologies (XDR) have become a vitally important shield for all companies, according to sovereignty focused data, network and...

Is OSCP or CEH the best security certification for staff? CBT Nuggets explains

Deciding between Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH) cybersecurity skills certifications can be "make or break" for staff,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox