Computing giant Microsoft recently put out a report stating that businesses around the world are neglecting a vital aspect of their cyber-security, and that is the need to protect their computers, their servers and other devices that they have from firmware attacks.
Microsoft warns businesses of firmware attacks
Microsoft did a survey of 1,000 cyber-security decision makers at businesses across numerous industries in the United States, UK, Japan, Germany, as well as China, and it has revealed that 80% of firms have experienced at least one firmware attack in the past two years.
However, only 29% of security budgets have been allocated to protect firmware.
The new report comes on the back of a recent security vulnerability affecting Microsoft's widely-used Exchange email system.
The company launched numerous extra-secure Windows 10 computers in 2020 that it says will help prevent firmware from being tampered with.
How a firmware attack works
Firmware is a type of permanent software code that is used to control each hardware component in a PC.
Cybercriminals are creating malware that quietly tampers with the firmware in motherboards or with the firmware in hardware drivers.
This is considered as a very sneaky way to bypass a computer's operating system or any software designed to detect malware, because the firmware code is located in the hardware, which is a layer below the operating system.
Security experts stated that even if IT departments are following cybersecurity best practices like patching security vulnerabilities in software, or protecting corporate networks from malicious intrusions, a lot of businesses are still forgetting about their firmware.
Robert Potter, an Australian cybersecurity researcher stated that people do not think about it in terms of their patching, it is not often updated and when it is, there are instances that it breaks things.
Potter built the Washington Post's cybersecurity operations center and has advised the Australian government on cybersecurity.
He said that firmware patching can be tricky so for a lot of companies, it has become a blind spot.
There have been a lot of major firmware attacks that were discovered in the last two years like the RobbinHood, which is a ransomware that uses firmware to get root access to a target's computer and encrypts all of the files until a Bitcoin ransom has been paid.
This type of malware held the data of numerous US city governments hostage back in May 2019.
Another one is Thunderspy, which is an attack that utilizes the direct memory access or the DMA function that PC hardware components use to talk to each other.
This attack is so stealthy that an attacker can read and copy all data on a computer without leaving a trace, and the attack is possible even if the hard drive is encrypted, the computer is locked, or set to sleep.
Chris Boyd, a malware intelligence analyst at security firm Malwarebytes said that if device firmware has no protection in place, or if the protection can be bypassed, then the firmware compromise is both incredibly serious and potentially invisible.
This article is owned by Tech Times
Written by Sieeka Khan