Firmware Turns Out to Be Soft and Squishy: 5 Reasons Why Firmware Attacks are the New Front in the Cyber War

Webinar Registration

The reason you are hearing so much about firmware attacks is because it really is a thing. But in this real training for free session, we will dive into why. There are a lot of dynamics at work here including:

Lack of awareness
Firmware attacks are hard to detect because firmware runs underneath the OS itself.
Increased vigilance on endpoints by defenders is pushing attackers to target systems at a deeper level
Linux is the new firmware. In the old days, device firmware was purpose built by an engineer who has long since retired in a little-known language. Today devices invariably run a stripped-down form of Linux. And sometimes it’s not stripped down at all – meaning a large and well-known attack surface is running all kinds of devices where you’d least expect it.
Firmware is hard to patch. If there is one thing I’ve seen organizations improve on in cyber security over the last 25 years it’s patching. The operating system and to a lesser degree applications. But we aren’t good at patching firmware.
Nowadays firmware has a network attack surface
Firmware is powerful making it a useful target simply for its utility
Attacking firmware is a great way to bring down critical infrastructure

It’s not like we never thought of firmware attacks. After all, Trust Platform Modules (TPM) have been included on business class systems for many years. And Unified Extensible Firmware Interface (UEFI) isn’t new either. And now there is the secure-core PC technology.

But security is not a technology. Security is a commitment, process and mindset. And we need to apply all 3 to firmware. In this webinar I’m joined by Nate Warfield. Nate used to run Microsoft’s Patch Tuesday and was on the team who delivered the MS17-010 patch; better known as the fix for WannaCry & NotPetya. Today he is consumed with firmware security as Director of Threat Research and Intel at Eclypsium, who is sponsoring this real training for free session. Nate and I will discuss a number of firmware attack scenarios such as:

The F5 vulnerability that came out in May
Attackers’ use of IP cameras as C2 servers (you read that right)
How an invasion of Ukraine related attack on Viasat modems hosed, among other things, 5,800 Enercon wind turbines in Germany
The Conti ransomware group’s targeting of Intel Management Engine (ME) firmware

Please join us for this technical and eye-opening real training for free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.