FIRMWARE VULNERABILITIES :
- According to Microsoft, enterprise firmware protection is more fragile today than it was last year.
- Companies do not invest in prevention steps, and attackers have perfected their tactics.
- 80 percent of businesses have recently been subjected to a firmware assault, and many are unaware that they have been hacked.
- Microsoft has introduced a new secured-core system class that includes kernel protection out of the box.
- According to a report commissioned by Microsoft, cyberattacks on corporate firmware have increased in the last two years.
- Over 80% of businesses have had at least one firmware attack in the last two years, but only 29% of security budgets are dedicated to firmware protection.
- Firms do invest in network vulnerability detection and scanning techniques, but Microsoft claims that one of the reasons for the troubling figures is that firmware is more difficult to track.
Why is it that firmware attacks are more appealing to hackers?
Attacks on software are easier to complete in terms of effort. Hackers, on the other hand, tend to attack firmware because if they succeed, they gain access to a company’s credentials and encryption keys. And the consequences are much more serious.
As a result of the recent rise in security steps taken by businesses, attackers have spent more time perfecting their tactics. As a result, many businesses are unaware that they have been hacked, and as a result, they do not take the necessary precautions.
How can firmware be protected from attacks?
Enterprises can use Kernel data protection (KDP) and memory encryption methods to avoid these types of attacks. These methods operate by preventing malware from gaining access to kernel memory.
According to the report, only 36% of companies invest in hardware-based memory encryption, and less than half (46%) invest in hardware-based kernel protections.
The lack of automation is the primary cause of these trends. As a result, Microsoft proposes a new class of devices known as Secured-core PCs, which feature a zero-trust build core that prevents firmware attacks from the start.
Some businesses have already received secure-core PCs, with promising performance. Microsoft has teamed up with AMD and Intel to bring this technology to their respective devices.
As a result, there are more than 100 secured-core devices on the market today from companies including Acer, Dell, HP, Lenovo, and Panasonic. In the not-too-distant future, the number will undoubtedly rise.