- DHS Releases New Cybersecurity Rules for Pipelines After Colonial Ransomware Attack
- Aruba Networks Pen Test Finds Multiple Router Vulnerabilities
- Sonicwall Firmware Vulnerability Subject of “Imminent Ransomware Attack”
- Cisco Talos Discovers Router Vulnerabilities, Offers Patch
- Hewlett Packard Enterprise Launches Platform to Automatically Verify Hardware Integrity
Why is Firmware an Attractive Target?
Firmware is at the core of every device. Compromised firmware is difficult to eliminate. If you control the firmware, you can steal data, shut down critical infrastructure systems, and do almost anything you want to that machine.
Firmware attacks are hard to find and will remain in place even after a reboot or drive swap. Even a breach into a single “smart” coffee pot in the breakroom can lead to serious disruptions. It could affect entire IT networks or critical operational technology: weapon systems, flight control systems, water purification systems, nuclear power systems and more.
Firmware Attacks are Persistent
Firmware attacks can persist even after a reboot, OS reload or hard drive swap. Normal incident response remediation will not eliminate a firmware threat.
Firmware Attacks are Stealthy
Firmware sits below the OS where traditional malware detection tools have zero visibility. Attackers can get in, then lie in wait for months planning their attack without ever being noticed.
Firmware Attackers Can Take System Control
If you control the firmware, you control the system and can bypass existing security measures to take complete control.
Firmware is Everywhere
Firmware is a critical part of every device – it sits at the heart of every server, storage device, router, workstation, printer, SCADA device and IoT device on your network. It is also deep inside critical infrastructure such as refineries, power plants, and nuclear plants.
Firmware controls functions above the operating system like a master puppeteer. In IoT and OT devices, firmware may be the only code on the system. When compromised, firmware can not only steal data but wreak havoc, and even shut down operations and take out critical infrastructure.
Firmware Threats are Real and Increasing
Firmware and hardware roots-of-trust are the new battlefield. Nation states and bad actors are increasingly exploiting vulnerabilities in firmware because it is an attractive threat vector that currently is not monitored.
Studies show that 80% of enterprises surveyed have experienced one firmware attack during the past two years.
You Have Zero Visibility into Firmware Vulnerabilities Today
Up to 50% of the code on your network is firmware, and it is not being actively monitored. Your entire security posture is ignoring the most vulnerable threat vector on your network. No amount of oversight from traditional cybersecurity tools can deliver visibility here. You could be compromised at this layer of security and never know it.
Without continuous firmware monitoring, organizations have no ability to identify or remediate breaches, much less meet compliance requirements.
Ignoring Firmware is Compromising our Supply Chain and National Security
% of businesses that report having firmware attacked since 2019
% of companies admittedly unprepared for a firmware attack
% increase in attacks since 2017 per the NVD
Every Major Cybersecurity Framework Requires Continuous Monitoring of Firmware
NIST SP 800-53 calls for continuous monitoring to detect unauthorized changes in firmware. Almost every other major cybersecurity framework has followed suit. FISMA, FedRAMP, HIPAA, PCI, GDPR and ISO all call for continuous firmware monitoring. In addition, all Federal Agencies must follow the NIST Cybersecurity Framework pursuant to Presidential Executive Order. Finally, DFARS and CMMC require DoD contractors to monitor firmware. To pass audits and avoid fines, organizations need a continuous firmware monitoring solution.