- Enterprise firmware security is more vulnerable today than it was last year, Microsoft says.
- Attackers have refined their strategies and companies don't invest in prevention measures.
- 83% of the companies have been through a firmware attack recently; many don't even know they have been targeted.
- Microsoft has launched a secured-core class of devices that provide kernel security out of the box.
Cyberattacks on corporate firmware have intensified over the past two years, according to a study commissioned by Microsoft.
More than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.
Firms do invest in monitoring network vulnerabilities and scanning techniques; but one of the reasons for the alarming mentioned numbers would be that firmware is more difficult to monitor, Microsoft says.
Why are firmware attacks more appealing for hackers?
In terms of effort, attacks on software are easier to finalize. However, hackers prefer targeting firmware because, if successful, they guarantee access to a company’s credentials and encryption keys. And the damage is considerably more substantial.
Given the increased security measures taken by companies recently, attackers have also invested more time in perfecting their strategies.
As a result, many companies don’t even know they have been exposed to such a security breach so they don’t particularly take appropriate measures.
How to prevent attacks on firmware?
To prevent these types of attacks, enterprises should focus on using Kernel data protection (KDP) and memory encryption solutions. These techniques work by blocking malware from accessing kernel memory.
However, only 36% of businesses invest in hardware-based memory encryption and less than half (46%) are investing in hardware-based kernel protections, the study says.
So companies spend more time and resources on post-attack measures than on designing prevention strategies, which the source rates as outdated methods
The main reason for these trends would be the lack of automation. Consequently, Microsoft proposes a new class of devices called Secured-core PCs, with a zero-trust build core that prevents attacks on firmware from the very beginning.
Secured-core PCs have already been delivered to some companies with positive results. Microsoft has partnered with AMD and Intel to include this technology on their devices.
As a result, more than 100 secured-core devices from brands such as Acer, Dell, HP, Lenovo, or Panasonic are available on the market today. The number will surely go higher in the near future.