HP: Hybrid Work Enabling Firmware Attacks
HP this week released research from HP Wolf Security showing changing workforce dynamics are creating new challenges for IT teams around firmware security.
As business workforces become increasingly distributed, IT leaders say it’s harder than ever to defend against firmware attacks.
The shift to hybrid work models has transformed how organizations manage endpoint security, while also highlighting new challenges for IT teams around securing device firmware.
The HP Wolf Security global survey of 1,100 IT leaders reveals that:
- The threat of firmware attacks is a growing concern for IT leaders now that hybrid workers are connecting from home networks more frequently. With hybrid or remote work now the norm for many employees, there is a greater risk of working on potentially unsecured home networks, which raises the level of threat posed by firmware attacks. More than eight in 10 IT leaders say firmware attacks against laptops and PCs now pose a significant threat, while 76% of IT decision makers said firmware attacks against printers pose a significant threat.
- Managing firmware security is becoming harder and taking longer in the era of hybrid work, leaving organizations exposed. Some 80% of IT leaders are worried about their capacity to respond to endpoint firmware attacks.
Ian Pratt is global head of security for personal systems at HP. He said firmware provides a fertile opportunity for attackers looking to gain long-term persistence or perform destructive attacks.
“The security of firmware is frequently neglected by organizations, with much lower levels of patching observed,” he said. “In the last year, we’ve seen attackers performing reconnaissance of firmware configurations, likely as a prelude to exploiting them in future attacks. Previously, these types of attacks were only used by nation-state actors. The tools, tactics and procedures for targeting PC firmware could trickle down, opening the door for sophisticated cybercrime groups to weaponize threats and create a blueprint to monetize attacks.”
Once an attacker has gained control over the firmware configuration, they can exploit their position to gain persistence and hide from anti-malware solutions that live in the operating system (OS), Pratt said. This gives them an advantage, allowing them to stealthily maintain persistence on target devices so they can gain access to infrastructure across the enterprise and maximize their impact.
“We urge organizations to deliver protection where it is needed most: the endpoint,” he said. “Organizations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of zero trust – least privilege access, isolation, mandatory access control and strong identity management. This approach requires resilient, self-healing hardware designed to hold its own against attacks and recover quickly when needed, while also containing and neutralizing cyber-threats.”