ANOTHER example of a kinetic firmware attack! Here a modified firmware “update” is loaded onto a widely used UPS device and bricks it. You can even see the device smoke up!! If you’re not continuously monitoring your devices below the operating system, you are never going to detect an unauthorized change at the firmware layer.
At the highest levels, US government officials are calling attention to the growing problem of firmware security weaknesses, saying the firmware layer is an “often overlooked” single point of failure in devices and “one of the stealthiest methods in which an attacker can compromise devices at scale.”
Another week, another firmware vulnerability and PoC attack, this time for Netgear routers. This stack-based overflow vulnerability was discovered by NCC Group, can be exploited from the LAN side of the router, and does not need authentication. It gives an attacker remote code execution as the admin user (highest privileges) on the router if a printer is directly connected to the router via a USB port.
CISA reports that the Sandworm actor (previously attributed to the Russian GRU) has replaced the exposed VPNFilter malware with a new, more advanced one.
Cyber attacks attributable to nation-states will no longer be covered, per this bulletin, almost guaranteeing that cyber incidents impacting critical infrastructure will no longer be covered.
Kaspersky has been tracking deployments of the spyware known as FinSpy (also known as FinFisher or Wingbird) since 2011. This infamous surveillance toolset has historically been implanted through a single-stage installer on Windows machines. Recently the Kaspersky team reported several findings focused on suspicious installers of legitimate applications that had been backdoored with a relatively small obfuscated downloader. Read more about their investigation and findings below.
Firmware attacks and industry attention to this growing problem have taken front stage today as industry giant Microsoft, Inc. announced its acquisition of ReFirm Labs to enhance IoT security. Microsoft acknowledges the growth in recent attacks, and its own research has found that over 80% of organizations reported being attacked at the firmware level in the last two years. Read how this acquisition changes the firmware security landscape today.
Officials say tighter cybersecurity requirements are needed across critical infrastructure to avoid ransomware attacks. Operators of chemical plants, electric grids and other facilities are being asked to undertake a cybersecurity assessment and report to CISA within 30 days.
The RSA breach rocked the cyber security world 10 years ago, but most people are only now coming to understand its significance. In addition to spawning 10 years of rampant state-sponsored attacks and supply chain hacks, the breach can now be seen as both a lesson to security pros and the start of the modern era of digital insecurity.