Firmware attacks pose significant threat on laptops, PCs — HP report
By FUNMILOLA GBOTEKU
HP Inc., an American multinational Information Technology company, in its research, said that 83 per cent of IT leaders concluded that firmware attacks against laptops and PCs now pose a significant threat.
HP Inc. made this known in the latest report released by the HP Wolf Security Department on Tuesday.
The report said the shift to hybrid work models had transformed how organisations manage endpoint security.
The HP Wolf Security global survey of 1,100 IT leaders revealed that firmware attacks was a growing concern for IT leaders now that hybrid workers were connecting from home networks more frequently.
It said that with remote work, which was now the norm for many employees, there was a greater risk of working on potentially unsecure home networks, meaning that the level of threat posed by firmware attacks had risen.
The report said that managing firmware security was becoming harder and taking longer in the era of hybrid work, leaving organisations exposed.
It said that more than two-thirds (67 per cent) of IT leaders said protecting, detecting, and recovering from firmware attacks had become more difficult and time-consuming.
The report said this was due to the increase in working remotely, with 64 per cent saying the same of analysing the security of firmware configuration.
It noted that as a result, 80 per cent of IT leaders were worried about their capacity to respond to endpoint firmware attacks.
Dr Ian Pratt, Global Head of Security for Personal Systems at HP Inc., said: “Firmware attacks are very disruptive and much harder to detect or remediate than your typical malware.
“Firmware often requires expert and even manual intervention to fix. This increases the cost and complexity of remediation particularly in hybrid environments where devices are not on site for IT teams to access.
“Having more endpoints sitting outside of the protection of the corporate network also reduces visibility and increases exposure to attacks coming in via unsecured networks.
“At the same time, we are seeing a rise in destructive attacks such as wiper malware.”
He said that the 2021 research team saw attackers conducting survey on firmware configurations, with the likely intent of exploiting unsecured configurations to weaponise for financial gain.
Pratt said once an attacker had gained control over the firmware configuration, they could exploit their position to gain persistence and hide from anti-malware solutions that live in the operating system (OS).
“This gives them an advantage, allowing them to stealthily maintain persistence on target devices, so they can gain access to infrastructure across the enterprise and maximise their impact,” he said.
Pratt said that in spite of the clear risks that firmware attacks pose to organisations, device security was not always a major consideration in the hardware procurement process.
He said that many organisations continue to use technologies that were not built with security in mind.
Pratt said the issue was made worse by the new shadow Information technology whereby employees purchased and connected devices outside of IT purview while working remotely.
He said that HP Wolf Security’s ‘Out of Mind and Out of Sight’ report found that 68 per cent of office workers that purchased devices to support remote work, said security was not a major consideration in their purchasing decision.
Pratt said that also 43 per cent did not have their new laptop or PC checked or installed by IT or security experts.
The Chief Technologist for Security Research and Innovation at HP Labs, Boris Balacheff said: “Security must become part of the procurement process when purchasing new IT devices.
“Organisations need to play the long game, because the devices you procure today will be the environment you have to manage and protect tomorrow.
“One of the key issues that businesses face is that many organisations are still reliant on legacy devices that were built for older industry standards.
“This issue is leaving a gap in enterprise security that could take years to close.”
He said that as attackers continue to invest in the capability to attack and disrupt PCs and Internet of Things (IoTs) devices at the firmware level, organisations also need to learn how to monitor device security.
Balacheff said they could do this by updating procurement security requirements accordingly.
He said that updating security would enable leading organisations to stay ahead of emerging threats, detect and remediate firmware attacks at scale in the era of hybrid work. (NAN)