Global IT infrastructure has become increasingly interconnected and interdependent. As a result, operational resilience has continued to climb CISOs’ agendas. While organizations have matured their management of software threats, many struggle with poor visibility and inadequate tools to defend against lower-level threats targeting hardware and firmware, proving to be a barrier to resilience.
Supply chain attacks can come in many forms, from ransomware groups compromising suppliers’ infrastructure to tampering with hardware and firmware. Beyond disruption, the reason these attacks are so damaging is because they undermine the hardware and firmware foundation of devices, often in ways that are difficult to detect and fix, meaning that software and data cannot be trusted to be secure .
Regulators have begun to move to strengthen supply chain security. The UK has implemented new IOT cybersecurity rules and is drafting a Cybersecurity and Resilience Bill to “broaden the regulatory landscape to protect more digital services and supply chains”. In the United States, Executive Order 14028 accelerated the development of security requirements for the software supply chain for government procurement, explicitly including firmware. The EU is introducing new cyber security requirements at all stages of the supply chain, starting with software and services with the Network and Information Systems (NIS2) directive and extending to the devices themselves with the Cyber Resilience Act to ensure more secure hardware and software.
A survey by HP Wolf Security found that 30% of UK organizations say they or someone they know has been affected by government-sponsored actors trying to insert malicious hardware or firmware into PCs or printers, underscoring the need for to address security risks to physical devices.
Hardware and firmware attacks have major consequences
The impact of failing to protect the integrity of endpoint hardware and firmware is high. A successful compromise at these lower layers can give attackers unparalleled visibility and control over a device. The attack surface exposed by hardware and firmware has for years been a target for skilled and well-resourced threat actors such as nation-states that offer a stealthy foothold beneath the operating system (OS). But as the cost and skill of attacking hardware and firmware decreases, this ability trickles down into the hands of other bad actors.
Given the insidious nature and complexity of firmware threats, real-world examples are not as frequent as malware targeting the operating system. Examples like LoJax in 2018 targeted PC UEFI firmware to survive OS reinstalls and hard drive replacements on devices lacking protection. Recently, BlackLotus’ UEFI bootkit was designed to bypass boot security mechanisms and give attackers full control over the OS boot process. Other UEFI malware such as CosmicStrand can launch before OS and security defenses, allowing attackers to maintain persistence and facilitate command-and-control of the infected computer.
Companies are also concerned about attempts to tamper with devices in transit, with many reporting that they are blindsided and unable to detect and stop such threats. 75% of UK organizations say they need a way to verify hardware integrity to reduce the threat of device tampering.
Maturing the approach to endpoint hardware and firmware security
In recent years, IT teams have become better at managing and monitoring the software security configuration of devices and improving their ability to track software provenance and supply chain security. Now is the time to bring the same level of maturity to managing and monitoring hardware and firmware security across the lifecycle of endpoint devices.
Organizations can start by taking the following steps:
- Manage secure firmware configuration throughout the device lifecycle using digital certificates and public key encryption. By doing so, administrators can begin managing firmware remotely and eliminate weak password-based authentication.
- Leverage vendor factory services to enable robust hardware and firmware security configurations right from the factory
- Adopt Platform Certificate technology to verify hardware and firmware integrity once devices have been shipped
- Continuously monitor device hardware compliance and firmware configuration across your fleet of devices – this is a continuous process that should be in place as long as devices are in use.
Ultimately, endpoint security depends on strong supply chain security, which starts with the assurance that devices, whether PCs, printers, or any form of IoT, are built and delivered with the intended components. That’s why organizations should increasingly focus on securing the hardware and firmware foundation of their endpoints by managing, monitoring and remediating hardware and firmware security throughout the lifetime of every device in their fleet.
We have presented the best online cyber security course.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in the tech industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, you can read more here:
