
Should firms be more worried about firmware attacks?

06:40 08 April 2021 Source: bbc.com

Computing giant Microsoft recently put out a report claiming that businesses globally are neglecting a key aspect of their cyber-security - the need to protect computers, servers and other devices from firmware attacks.

Its survey of 1,000 cyber-security decision makers at enterprises across multiple industries in the UK, US, Germany, Japan and China has revealed that 80% of firms have experienced at least one firmware attack in the past two years.

Yet only 29% of security budgets have been allocated to protect firmware.

However, the new report comes on the back of a recent significant security vulnerability affecting Microsoft's widely-used Exchange email system.

And the computing giant launched a range of extra-secure Windows 10 computers last year that it says will prevent firmware from being tampered with.

So is this just an attempt to divert attention and sell more PCs, or should businesses be more worried?

How a firmware attack works

Firmware is a type of permanent software code used to control each hardware component in a PC.

Increasingly, cyber-criminals are designing malware that quietly tampers with the firmware in motherboards, which tell the PC to start up, or with the firmware in hardware drivers.

This is a sneaky way to neatly bypass a computer's operating system or any software designed to detect malware, because the firmware code is in the hardware, which is a layer below the operating system.

More than three-quarters of enterprises have experienced one firmware attack during the past two years, but less than a third of security budgets are dedicated to protecting firmware, according to Microsoft's inaugural Security Signals report for March 2021. Firmware attacks are tricky to deal with. State-sponsored hacking group APT28, or Fancy Bear, was caught in 2018 using a Unified Extensible Firmware Interface (UEFI) rootkit to target Windows PCs. There have also been attacks that rely on hardware drivers, such as RobbinHood, Uburos, Derusbi, Sauron and GrayFish, as well

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace. But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models - such as the 21.5-inch iMac released in late 2015 - 43 percent of machines had out-of-date firmware.

Security experts have told the BBC that even if IT departments are following cyber-security best practices like patching security vulnerabilities in software, or protecting corporate networks from malicious intrusions, many firms are still forgetting about the firmware.

"People don't think about it in terms of their patching - it's not often updated, and when it is, sometimes it breaks things," explains Australian cyber-security researcher Robert Potter.

Mr Potter built the Washington Post's cyber-security operations centre and has advised the Australian government on cyber-security.

"Firmware patching can sometimes be tricky, so for a lot of companies, it's become a blind spot."

There have been several major firmware attacks discovered in the last two years, such as RobbinHood, a ransomware that uses firmware to gain root access to a victim's computer and then encrypts all files until a Bitcoin ransom has been paid. This malware held the data of several US city governments hostage in May 2019.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace. That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called Thunderbolt port. Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable

Another example is Thunderspy, an attack that utilises the direct memory access (DMA) function that PC hardware components use to talk to each other.

This attack is so stealthy that an attacker can read and copy all data on a computer without leaving a trace, and the attack is possible even if the hard drive is encrypted, the computer is locked, or set to sleep.

"If device firmware has no protection in place, or if the protection can be bypassed, then firmware compromise is both incredibly serious and potentially invisible," explains Chris Boyd, a malware intelligence analyst at security firm Malwarebytes.

"Remote or physical compromise which permits rogue code to run can set the stage for data theft, system damage, spying, and more."

Big organisations beware

The good news is that firmware attacks are less likely to target consumers, but big firms should beware, according to Gabriel Cirlig, a security researcher with US cyber-security firm Human (formerly White Ops).

"It is a big deal, but fortunately it only works against big organisations, because you need to target specific types of motherboards and firmware," he tells the BBC.

Typically, cyber-criminals tend to attack operating systems and popular software, because they only make money if they can infect the biggest numbers of end users.

Firmware attacks are less common and more complicated to implement than other types of cyber-attacks, but unfortunately the coronavirus pandemic has accelerated the problem.

Image caption: The pandemic has led to a sharp rise in devices connecting remotely to critical corporate network infrastructure (© Getty Images)

The National Institute of Standards and Technology (NIST), an agency within the US Department of Commerce, continually updates a National Vulnerability Database (NVD) with new security flaws.

The database has recorded a five-fold increase in attacks against firmware in the last four years.

Coronavirus lockdowns in multiple countries have led to multiple employees working from home and connecting remotely to work servers. Each one of those computers and mobile devices is an opportunity.

Carrying out a firmware attack might be complex, says Mr Cirlig, but if attackers could silently steal critical information from a c-suite executive's laptop, like passwords, they could then use it to infiltrate a company's networks and steal more data.

Nation-state hackers would be most likely to use such an attack, he adds.

"This is a big operation with big pay-offs - it's not something that a small group of cyber-criminals has the manpower to do."

Creeping soon into a network near you

Although firmware attacks are not as ubiquitous as phishing scams, malware or other cyber-attacks, the cyber-security experts the BBC spoke to say now is the time for businesses, and the technology industry as a whole, to pay attention to hardware security.

Image caption: Hardware and firmware designers need to be included in the cyber-security discussion, say experts (© Getty Images)

"Firmware attacks are not common on a day-to-day basis, but that's because people don't realise they're being infected by such an attack," says Mr Boyd.

"It's like when ransomware first came onto the scene - people didn't know of anyone who was infected by it, and if big organisations were, they wouldn't tell anyone about it, as there was an element of shame, not wanting their clients to know they'd been infected."

Mr Boyd adds that a new generation of "budding hardware enthusiasts" who have been learning their way around firmware by "modding video game consoles over the last decade" could well pose additional threats to enterprise cyber-security going forward - a point Mr Cirlig fervently agrees with, since he hacked the firmware in his own car when he was younger.

"Microsoft is right to raise this as a major issue, because we need to bring firmware designers and operational technologies along the journey of cyber-security, the way we have with software companies," says Mr Potter.

"As we connect more things to the internet, we're connecting a lot more devices that haven't been designed with cyber-security in mind. And if the trend continues, bad guys will go after it."
