The global IT infrastructure has become increasingly interconnected and interdependent. As a result, operational resilience continues to be high on the agenda for CISOs. While organizations have matured in their management of software threats, many struggle with poor visibility and inadequate tools to defend against lower-level threats targeting hardware and firmware, which proves to be an obstacle to resilience.
Supply chain attacks can take many forms, from ransomware groups compromising supplier infrastructure to tampering with hardware and firmware. Beyond the disruptions, the reason these attacks are so damaging is that they undermine the hardware and firmware foundations of devices, often in ways that are difficult to detect and remediate, meaning that software and data security are compromised.
Regulators have begun to act to strengthen supply chain security. The UK has implemented new IoT cybersecurity regulations and is currently drafting a Cybersecurity and Resilience Bill to “broaden the scope of regulation to protect more services and digital supply chains”. In the United States, Executive Order 14028 accelerated the development of software supply chain security requirements for government procurement, explicitly including firmware. The EU is introducing new cybersecurity requirements at every stage of the supply chain, starting with software and services with the Network and Information Systems Directive (NIS2), and extending to the devices themselves with the Cyber Resilience Act, to ensure safer hardware and software.
An HP Wolf Security survey found that 30% of UK organizations say they or others they know have been affected by state-sponsored actors attempting to insert hardware or firmware malware into PCs or printers, highlighting the need to manage security risks of physical devices.
Attacks on hardware and firmware have major consequences
The impact of failing to protect the integrity of endpoint hardware and firmware is high. Successful compromise at these lower layers can provide attackers with unparalleled visibility and control over a device. The attack surface exposed by hardware and firmware has for years been the target of skilled and well-resourced threat actors, such as nation states, providing a stealthy foothold beneath the operating system (OS). But as the cost and skill required to attack hardware and firmware decrease, this capability is finding its way into the hands of other bad actors.
Given the stealthy nature and complexity of firmware threats, real-world examples are not as common as malware targeting the operating system. Examples like LoJax, in 2018, targeted PC UEFI firmware to survive OS reinstallations and hard drive replacements on devices lacking protection. More recently, the BlackLotus UEFI bootkit was designed to bypass boot security mechanisms and give attackers full control over the operating system boot process. Other UEFI malware such as CosmicStrand can launch before the operating system and security defenses, allowing attackers to maintain persistence and facilitate command and control of the infected computer.
Companies are also concerned about attempts to tamper with devices in transit, with many saying they lack visibility and are unequipped to detect and stop such threats. 75% of UK organizations say they need a way to verify hardware integrity to mitigate the threat of device tampering.
Maturing the approach to endpoint hardware and firmware security
In recent years, IT teams have improved their management and monitoring of device software security configuration, and are improving their ability to track software provenance and provide supply chain assurance. Now is the time to bring the same level of maturity to hardware and firmware security management and monitoring throughout the lifespan of endpoints.
Organizations can start by taking the following steps:
- Securely manage firmware configuration throughout a device’s lifecycle, using digital certificates and public key cryptography. By doing so, administrators can begin managing firmware remotely and eliminate weak password-based authentication.
- Use vendor factory services to enable robust hardware and firmware security configurations out of the box.
- Adopt Platform Certificate technology to verify hardware and firmware integrity once devices are delivered.
- Monitor ongoing compliance of device hardware and firmware configuration across your entire device fleet: this is an ongoing process that should be in place for as long as the devices are in use.
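The delivery-time integrity check and ongoing compliance monitoring from the steps above, sketched as an added example (not code from the article or from any vendor). A simplified JSON component list signed with Ed25519 stands in for a real platform certificate; the `Component` fields, function names and sample values are assumptions constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"sort"
)
// Component is a simplified stand-in for one platform certificate entry.
type Component struct{ Class, Model, Serial, Firmware string }

// VerifyDelivery checks the vendor signature, then diffs signed vs observed parts.
func VerifyDelivery(pub ed25519.PublicKey, raw, sig []byte, observed []Component) ([]string, error) {
	if !ed25519.Verify(pub, raw, sig) {
		return nil, fmt.Errorf("manifest signature invalid")
	}
	var signed []Component
	if err := json.Unmarshal(raw, &signed); err != nil {
		return nil, err
	}
	expected := map[Component]bool{}
	for _, c := range signed {
		expected[c] = true
	}
	findings := []string{}
	for _, c := range observed {
		if !expected[c] { // swapped, added or re-flashed component
			findings = append(findings, fmt.Sprintf("not in signed manifest: %+v", c))
		}
		delete(expected, c)
	}
	for c := range expected { // removed, or replaced by one of the findings above
		findings = append(findings, fmt.Sprintf("signed but not observed: %+v", c))
	}
	sort.Strings(findings)
	return findings, nil
}

// signedSample builds a constructed manifest signed with a throwaway key.
func signedSample() (ed25519.PublicKey, []byte, []byte, []Component) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	built := []Component{{"nic", "N100", "SN-A1", "1.4"}, {"ssd", "S900", "SN-B2", "3.0"}}
	raw, _ := json.Marshal(built)
	return pub, raw, ed25519.Sign(priv, raw), built
}

func main() {
	pub, raw, sig, seen := signedSample()
	seen[1].Firmware = "3.0-mod" // constructed firmware drift on the SSD
	fmt.Println(VerifyDelivery(pub, raw, sig, seen))
}
```

Running the same comparison on a schedule against each device's reported inventory gives the fleet-wide compliance signal; any finding, or a signature failure, is a reason to quarantine the device for inspection.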
Ultimately, endpoint security depends on strong supply chain security, which starts with ensuring that devices, whether PCs, printers, or any form of IoT, are built and delivered with the intended components. This is why organizations should increasingly focus on securing the hardware and firmware foundations of their endpoints, managing, monitoring and remediating the security of hardware and firmware throughout the lifespan of any device in their fleet.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.