Login to WatchFirmware security has become one of the most talked-about challenges in recent years, on the heels of supply chain, ransomware and nation state actors leveraging firmware attacks to persist indefinitely or brick devices at the motherboard level.
Against this backdrop, organizations are faced with threats that can originate via firmware, and threats that can move from the operating system down to the firmware. In either scenario, detection proves to be difficult, given the entirety of the security stack exists only above the OS, in the cloud, and on the network. Ironic, given all of these themselves rely upon the devices and firmware they sit atop. Indeed, this is the main advantage for attackers, and it buys them back the time and power they need to accomplish any objective, whether destruction, disruption, profit or espionage. Imagine clicking an email attachment and having a user’s device be implanted at the firmware level. How would you detect this scenario in your own organization? Is it even possible to do so?
In this presentation we will lay out these concepts, provide examples of recent actors and campaigns targeting firmware, explore where firmware-level attacks appear in MITRE ATT&CK to place them in context, and finally, show a demonstration of an attack that starts with an email attachment, and ends with eyes wide open.
