Welcome to the interactive schedule for SecurityWeek’s CISO Forum, Presented by Cisco! (For full event information visit the conference website.)  Click Here to Register.
Back To Schedule
Tuesday, September 14 • 2:45pm - 3:15pm
From Email to Firmware Implant, in Less Than 3 Minutes

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Login to Watch
Firmware security has become one of the most talked-about challenges in recent years, on the heels of supply chain, ransomware and nation state actors leveraging firmware attacks to persist indefinitely or brick devices at the motherboard level.

Against this backdrop, organizations are faced with threats that can originate via firmware, and threats that can move from the operating system down to the firmware. In either scenario, detection proves to be difficult, given the entirety of the security stack exists only above the OS, in the cloud, and on the network. Ironic, given all of these themselves rely upon the devices and firmware they sit atop. Indeed, this is the main advantage for attackers, and it buys them back the time and power they need to accomplish any objective, whether destruction, disruption, profit or espionage. Imagine clicking an email attachment and having a user’s device be implanted at the firmware level. How would you detect this scenario in your own organization? Is it even possible to do so?

In this presentation we will lay out these concepts, provide examples of recent actors and campaigns targeting firmware, explore where firmware-level attacks appear in MITRE ATT&CK to place them in context, and finally, show a demonstration of an attack that starts with an email attachment, and ends with eyes wide open.

avatar for Scott Scheferman

Scott Scheferman

Office of the CTO - Strategy, Speaking, Threat Landscape, Eclypsium

Tuesday September 14, 2021 2:45pm - 3:15pm EDT