The U.S. Department of Homeland Security (DHS) and the Department of Commerce have declared that firmware presents a large and ever-expanding attack surface and a single point of failure in devices, one that malicious hackers can use to subvert the core of modern computing.
Securing the firmware layer is often overlooked, yet attacking it is one of the stealthiest methods by which an attacker can compromise devices at scale.
Attackers can subvert OS and hypervisor visibility, bypass most security systems, hide and persist in networks and devices for extended periods while conducting attack operations, and inflict irrevocable damage.
Firmware on network cards, Wi-Fi adapters, and USB hubs is often not properly signed with public or private keys. These devices have no way to verify that the operating firmware is authentic and can be trusted.
Even worse, the agencies called special attention to the fact that OEMs and computer makers outsource firmware development to third-party suppliers, who might intentionally inject vulnerabilities into the product.
What to do?
– Establish a reputable firmware provider.
– Ensure that the firmware provided can be readily updated (older firmware may be hard to update).
– Check all firmware for current updates and update regularly.
– Deploy antivirus and antimalware programs.
– Enable spam filters.
– Update all software.
– Filter network traffic.
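The check that unsigned peripheral firmware cannot perform, shown as an added example (not from the article or the agencies' report): verifying a vendor's detached signature over a firmware image before staging it for an update. The key pair, file names and image contents are constructed for the demonstration, and the `openssl` command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example: check a vendor's detached signature on a firmware image
# before staging it for an update. Keys, names and contents are constructed.

# verify_firmware IMAGE SIG PUBKEY
# Returns 0 if SIG is a valid SHA-256 signature over IMAGE under PUBKEY,
# 2 if any input is missing or empty, non-zero otherwise.
verify_firmware() {
    for f in "$1" "$2" "$3"; do
        [ -s "$f" ] || return 2   # an absent signature must never pass
    done
    openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1
}

# make_demo_fixture DIR
# Stands in for the vendor: creates a key pair, a firmware image and its
# signature, plus a copy of the image modified after signing.
make_demo_fixture() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/vendor.key" 2>/dev/null
    openssl pkey -in "$1/vendor.key" -pubout -out "$1/vendor.pub"
    printf 'CONSTRUCTED NIC FIRMWARE 1.0\n' > "$1/nic.bin"
    openssl dgst -sha256 -sign "$1/vendor.key" \
        -out "$1/nic.bin.sig" "$1/nic.bin"
    cp "$1/nic.bin" "$1/nic_tampered.bin"
    printf 'X' >> "$1/nic_tampered.bin"   # one byte appended after signing
}

# demo: verify both images against the same signature and public key.
demo() {
    demo_dir=$(mktemp -d)
    make_demo_fixture "$demo_dir"
    for img in nic.bin nic_tampered.bin; do
        if verify_firmware "$demo_dir/$img" "$demo_dir/nic.bin.sig" \
                "$demo_dir/vendor.pub"; then
            echo "$img: signature valid, OK to stage"
        else
            echo "$img: REJECTED, do not flash"
        fi
    done
    rm -rf "$demo_dir"
}

demo
```

In practice the public key is obtained from the vendor over a separate trusted channel and pinned locally, and the private key never leaves the vendor.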
What can you do when this happens to you?
– If you find your network has been compromised, shut it down immediately.
– Identify the breach and the type of virus or malware present.
– Identify any data which might have been compromised or stolen and inform the appropriate parties.
– Rebuild the network from a known clean backup.
Source: Ryan Naraine, SecurityWeek, “U.S. Gov Issues Stark Warning, Calling Firmware Security a ‘Single Point of Failure’”