The reason you are hearing so much about firmware attacks is that they really are a thing. In this real training for free session, we will dive into why. There are a lot of dynamics at work here, including:
- Lack of awareness
- Firmware attacks are hard to detect because firmware runs underneath the OS itself.
- Increased vigilance on endpoints by defenders is pushing attackers to target systems at a deeper level
- Linux is the new firmware. In the old days, device firmware was purpose-built in a little-known language by an engineer who has long since retired. Today devices invariably run a stripped-down form of Linux. And sometimes it’s not stripped down at all – meaning a large and well-known attack surface is running on all kinds of devices where you’d least expect it.
- Firmware is hard to patch. If there is one thing I’ve seen organizations improve on in cyber security over the last 25 years, it’s patching: the operating system and, to a lesser degree, applications. But we aren’t good at patching firmware.
- Nowadays firmware has a network attack surface
- Firmware is powerful, making it a useful target simply for its utility
- Attacking firmware is a great way to bring down critical infrastructure

It’s not like we never thought of firmware attacks. After all, Trusted Platform Modules (TPM) have been included on business-class systems for many years. And Unified Extensible Firmware Interface (UEFI) isn’t new either. And now there is the secure-core PC technology.

But security is not a technology. Security is a commitment, process and mindset. And we need to apply all 3 to firmware. In this webinar I’m joined by Nate Warfield. Nate used to run Microsoft’s Patch Tuesday and was on the team who delivered the MS17-010 patch, better known as the fix for WannaCry & NotPetya. Today he is consumed with firmware security as Director of Threat Research and Intel at Eclypsium, who is sponsoring this real training for free session. Nate and I will discuss a number of firmware attack scenarios such as:
- The F5 vulnerability that came out in May
- Attackers’ use of IP cameras as C2 servers (you read that right)
- How an attack on Viasat modems related to the invasion of Ukraine hosed, among other things, 5,800 Enercon wind turbines in Germany
- The Conti ransomware group’s targeting of Intel Management Engine (ME) firmware

Please join us for this technical and eye-opening real training for free session.