The global IT infrastructure has become increasingly interconnected and interdependent. As a result, operational resilience has continued to be high on CISOs’ agendas. While organizations have matured in their handling of software threats, many are struggling with poor visibility and inadequate tools to defend against lower-level threats targeting hardware and firmware, which is proving to be a barrier to resilience.
Supply chain attacks can take many forms, from ransomware groups compromising supplier infrastructure to hardware and firmware alterations. Beyond disruption, the reason these attacks are so damaging is that they undermine the hardware and firmware foundations of devices, often in ways that are difficult to detect and repair, meaning it can’t be trusted that software and data are secure.
Regulators have begun taking steps to strengthen supply chain security. The UK has implemented new IoT cybersecurity regulations and is drafting a Cybersecurity and Resilience Bill to “broaden the scope of regulation to protect more digital services and supply chains.” In the US, Executive Order 14028 accelerated the development of software supply chain security requirements for government procurement, explicitly including firmware. The EU is introducing new cybersecurity requirements at every stage of the supply chain, starting with software and services with the Network and Information Systems (NIS2) directive and extending to the devices themselves with the Cyber Resilience Act to ensure more secure hardware and software.
An HP Wolf Security survey found that 30% of UK organizations say they or others they know have been affected by state-sponsored actors trying to insert malicious hardware or firmware into PCs or printers, highlighting the need to address security risks of physical devices.
Hardware and Firmware Attacks Have Significant Ramifications
The impact of failing to protect the integrity of endpoint hardware and firmware is high. A successful compromise at these lower layers can give attackers unparalleled visibility and control over a device. The attack surface exposed by hardware and firmware has been the target of skilled and well-resourced threat actors, such as nation-states, for years, offering a stealthy foothold beneath the operating system (OS). But as the cost and skill required to attack hardware and firmware decline, this capability is finding its way into the hands of other bad actors.
Given the stealthy nature and complexity of firmware threats, real-world examples are not as prevalent as malware targeting the operating system. LoJax, in 2018, targeted PC UEFI firmware to survive operating system reinstallations and hard drive replacements on devices that lacked protection. More recently, the BlackLotus UEFI bootkit was designed to bypass boot security mechanisms and give attackers full control over the operating system boot process. Other UEFI malware, such as CosmicStrand, can start before the operating system and security defenses, allowing attackers to maintain persistence and facilitate command and control over the infected computer.
Companies are also concerned about attempts to tamper with devices in transit, with many reporting that they are blind and unequipped to detect and stop such threats. 75% of UK organizations say they need a way to verify hardware integrity to mitigate the threat of device tampering.
Maturing the approach to endpoint hardware and firmware security
In recent years, IT teams have gotten better at managing and monitoring device software security settings and are improving their ability to track software provenance and supply chain assurance. Now is the time to bring the same level of maturity to managing and monitoring hardware and firmware security throughout the life of endpoint devices.
Organizations can get started by taking the following steps:
- Securely manage firmware configuration throughout the lifecycle of a device, using digital certificates and public key cryptography. By doing so, administrators can begin managing firmware remotely and eliminate weak password-based authentication.
- Use vendor factory services to enable robust hardware and firmware security configurations right from the factory.
- Adopt platform certificate technology to verify the integrity of hardware and firmware once devices have been delivered.
- Monitor ongoing compliance with device hardware and firmware configuration across your entire device fleet; this is an ongoing process that must be implemented while the devices are in use.
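The last two steps, sketched as an added example (not code from this article or from any vendor): each device's reported state is compared with the record made at delivery. The manifest stands in for the component list of a platform certificate whose signature is assumed to be already verified; all field names, device names and serial numbers are constructed.

```python
# Constructed reference record for one device model, as delivered.
# Assumption: it was taken from a platform certificate whose signature
# has already been verified; that step is outside this sketch.
REFERENCE = {
    "components": {"mainboard": "MB-1001", "tpm": "TPM-2001", "nic": "NIC-3001"},
    "firmware_version": (2, 4, 0),
    "settings": {"secure_boot": True, "admin_auth": "certificate"},
}

# Constructed inventory reports collected from three devices in use.
REPORTS = {
    "pc-01": {"components": dict(REFERENCE["components"]),
              "firmware_version": (2, 4, 0),
              "settings": {"secure_boot": True, "admin_auth": "certificate"}},
    "pc-02": {"components": {"mainboard": "MB-1001", "tpm": "TPM-2001",
                             "nic": "NIC-9999", "storage": "ST-4001"},
              "firmware_version": (2, 4, 1),
              "settings": {"secure_boot": True, "admin_auth": "certificate"}},
    "pc-03": {"components": dict(REFERENCE["components"]),
              "firmware_version": (2, 3, 9),
              "settings": {"secure_boot": False, "admin_auth": "password"}},
}

def check_device(reference, report):
    """Return a list of findings; an empty list means the device matches."""
    findings = []
    ref_c, got_c = reference["components"], report.get("components", {})
    for name in sorted(ref_c.keys() | got_c.keys()):
        if name not in got_c:
            findings.append(f"component missing: {name}")
        elif name not in ref_c:
            findings.append(f"unexpected component: {name}")
        elif ref_c[name] != got_c[name]:
            findings.append(f"component replaced: {name}")
    version = report.get("firmware_version")
    if version is None:
        findings.append("firmware version not reported")
    elif tuple(version) < reference["firmware_version"]:
        findings.append("firmware older than delivered version")
    for key, want in reference["settings"].items():
        got = report.get("settings", {}).get(key)
        if got != want:
            findings.append(f"setting drift: {key}={got!r}, expected {want!r}")
    return findings

def check_fleet(reference, reports):
    """Map device name -> findings, listing only devices that deviate."""
    return {dev: f for dev, rep in reports.items() if (f := check_device(reference, rep))}
```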
Ultimately, endpoint security depends on strong supply chain security, which starts with ensuring that devices, whether PCs, printers, or any form of IoT, are manufactured and delivered with the intended components. That’s why organizations should increasingly focus on protecting the hardware and firmware foundations of their endpoints, by managing, monitoring and remediating hardware and firmware security over the life of any device in their fleet.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.