The firmware of a device is the code that provides hardware operating instructions. It’s typically not interacted with much by a user and doesn’t get updated nearly as often as the operating system or other device software.

When companies are planning their IT security strategy, most aren’t putting firmware protection at the top of their list. According to Microsoft’s March 2021 Security Signals report, only 29% of IT budgets are typically focused on securing firmware.

This is one of the reasons the Security Signals report found that within the last two years 83% of organizations have undergone firmware attacks, and attacks have risen five-fold in four years.

Hackers have been turning their attention to firmware for several reasons, going after information at a deeper level than the operating system.

One of the newer threats is TrickBoot, a new tool added to the TrickBot family of malware. Once TrickBot infects a device, through phishing or other means, the TrickBoot component is designed to discover any firmware vulnerabilities on the device that could allow the attacker to read, write, or erase firmware.

Types of Firmware

All devices will have firmware, including computers, routers, printers, servers, and all types of IoT devices. The firmware is basically the operating manual for the hardware.

When it comes to a computer, there are two main types of firmware:

  • BIOS (Basic Input-Output System): Loads the bootloader that boots the operating system
  • UEFI (Unified Extensible Firmware Interface): A successor to BIOS, connecting hardware components to the OS

Why Firmware is Such a Rich Target for Hackers

Firmware Contains High-Level Information

The firmware layer can contain sensitive details that make life easier for a hacker, such as information about the operating system and other components on a computer.

It is also often where user credentials are stored, giving hackers a list of approved usernames and passwords to work with. Breaching the firmware level also allows them to create their own credentials and grant those the highest level of privilege.

Provides Control Over the Operating System

Because the firmware is the code that tells a device how to boot and how to load the operating system, hackers can ensure their malicious code is loaded and runs first.

The firmware tells the OS not only to boot and initialize but also how to boot. So, an attacker gaining the ability to write new firmware instructions could tell an OS not to boot a vital antivirus or malware protection app. They could also alter how the OS applies updates and patches.

Allows Hackers to Remain Undetected

One of the biggest advantages for attackers breaching the firmware layer of a device is that they can often go undetected. Most systems offer little transparency between the OS (where the user works) and the firmware.

This makes it difficult for companies to realize they’ve been hacked because standard anti-malware and threat monitoring programs are watching at the OS level and can’t see into the firmware.

Enables a High Amount of Damage

Breaching the operating instructions for hardware allows for the maximum amount of damage to a device. Not only could a hacker steal information on the OS level, but they can also cripple a device by rewriting the firmware.

Some of the typical attack types at this level include:

  • Modifying and sabotaging the firmware so the system won’t function properly
  • Targeting areas of the OS
  • Infiltrating software
  • Planting malware at a deep, hard-to-detect level
  • And more

Firmware Often Isn’t Updated Regularly

Firmware updates often go unapplied for long periods because users aren’t aware of them. Firmware updates aren’t as “in your face” as updates for software and the operating system, so they can easily be missed, leaving a device more vulnerable to attack.
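
One way to make unapplied firmware updates visible is to audit the firmware release date each machine reports. The following is an added example, not part of the original article: it reads the SMBIOS fields Linux exposes under /sys/class/dmi/id and flags hosts whose firmware is older than a chosen limit. The host names, vendor, versions, audit date, and the one-year threshold are constructed assumptions.

```python
from datetime import date, datetime
from pathlib import Path

DMI_DIR = Path("/sys/class/dmi/id")  # Linux sysfs view of SMBIOS data

def read_local_firmware(dmi_dir=DMI_DIR):
    """Return this machine's firmware vendor/version/date, or None if unavailable."""
    fields = {}
    for name in ("bios_vendor", "bios_version", "bios_date"):
        path = dmi_dir / name
        if not path.is_file():
            return None  # not Linux, or the platform exposes no DMI data
        fields[name] = path.read_text().strip()
    return fields

def parse_bios_date(text):
    """Parse the usual MM/DD/YYYY release date; return None if it cannot be parsed."""
    try:
        return datetime.strptime(text.strip(), "%m/%d/%Y").date()
    except (ValueError, AttributeError):
        return None

def audit(inventory, today, max_age_days=365):
    """Return (stale, unknown): hosts with old firmware, and hosts with no usable date."""
    stale, unknown = [], []
    for host, info in sorted(inventory.items()):
        released = parse_bios_date(info.get("bios_date"))
        if released is None:
            unknown.append(host)  # a missing date is itself worth investigating
            continue
        age = (today - released).days
        if age > max_age_days:
            stale.append((host, info.get("bios_version"), age))
    return stale, unknown

# Constructed sample inventory, in the shape read_local_firmware() returns per host.
SAMPLE = {
    "front-desk-pc": {"bios_vendor": "ExampleVendor", "bios_version": "1.2.0", "bios_date": "03/14/2018"},
    "accounting-pc": {"bios_vendor": "ExampleVendor", "bios_version": "2.9.1", "bios_date": "11/02/2020"},
    "lab-host": {"bios_vendor": "ExampleVendor", "bios_version": "0.9", "bios_date": ""},
}
AUDIT_DAY = date(2021, 3, 31)  # constructed audit date so the result is reproducible

if __name__ == "__main__":
    stale, unknown = audit(SAMPLE, AUDIT_DAY)
    for host, version, age in stale:
        print(f"STALE   {host}: firmware {version} is {age} days old")
    for host in unknown:
        print(f"UNKNOWN {host}: no parseable firmware date")
    print("local:", read_local_firmware())
```

A release date only shows how old the installed firmware is; whether a newer version exists still has to be checked against the manufacturer's update listings.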

Manufacturers Have Been Slow to Incorporate Hardware-Level Protections

Part of the responsibility for the increased firmware attacks over the last four years lies with the manufacturers. They haven’t historically provided much visibility into the firmware layer, nor have they added strong hardware-level protection against breaches.

This is especially true for consumer (non-business) computers. This is why companies need to purchase business PCs for company needs rather than off-the-shelf consumer-grade hardware.

Note: This is changing. HP and Microsoft have already come out with computers that have strong firmware protections built in.

Malware in Firmware is Persistent

Even after a system is reformatted to reset the OS in an effort to remove malware damage, malware in the firmware layer can remain. This allows the hacker to regain access, their “back door” still intact.

Persistent attacks are a common threat with a firmware-level breach because hackers are at such a deep level in the device hardware.

Improve Your Firmware Protection & Cybersecurity

ECN IT Solutions can help your Tucson business with a full firmware assessment to identify any vulnerabilities and provide solutions to keep your data and devices secure.

We’re here and ready to talk security solutions with you! Reach out at 520-200-1055 or through our website.