Dive Brief:
- Enterprises are underinvesting in firmware security despite a rise in targeted attacks, according to a March study commissioned by Microsoft. More than 80% of enterprises have seen at least one attack against their firmware in the past two years, yet only 29% of security budgets are allocated toward protecting firmware.
- While enterprises are investing in security updates, vulnerability scanning and solutions for advanced threat protection, IT security officials are more worried about the difficulty of detecting malware threats, in part because firmware attacks are hard to catch, according to the report, conducted by the Hypothesis Group. The report is based on interviews with 1,000 enterprise security decision makers in the U.S., U.K., Germany, China and Japan.
- Industry has in recent years seen a rise in attacks targeting firmware and other forms of computing hardware. Russia-backed Fancy Bear, the group that Microsoft dubbed Strontium, launched attacks through firmware and attacked corporate IoT devices. In mid-2020, a campaign known as Thunderspy used the Intel Thunderbolt ports to gain control over direct memory access (DMA).
Dive Insight:
Firmware provides access to critical information, including credentials and encryption keys, which can be used to compromise systems before anyone realizes an attack is underway.
There has been a five-fold increase in attacks that target firmware over a four-year period, according to Microsoft, citing data from the National Institute of Standards and Technology. The concern is that IT security officials are still much more focused on protecting against software-based vulnerabilities and not actively monitoring attacks at the hardware level.
"Recently the industry has seen an increase in attacks against firmware and hardware, targeting the sensitive information that lives in a device’s memory, or the kernel," a Microsoft spokesperson said via email. "The reason attackers are targeting these layers of computing is because they live below the operating system and go unmonitored, meaning attackers can lie in wait to encrypt the device and secure the biggest ransomware payout."
Microsoft has been working for several years with technology companies, including chip makers, personal computing firms and other companies, to develop what are called secured-core PCs that are less vulnerable to these types of attacks on the kernel. Microsoft announced plans in March at Microsoft Ignite to extend secured-core to the server and IoT devices.
Intel, which has been working alongside numerous technology companies to enhance hardware security, released a global study in March showing 76% of respondents said it was highly important for a technology provider to offer hardware-assisted capabilities that are designed to mitigate software exploits. The Intel study, conducted by the Ponemon Institute, was based on a survey of 1,875 IT security officials in the U.S., U.K., Europe, the Middle East, Africa and Latin America.