Notice: The information in this report is a synopsis of the source articles.  For in depth information please refer to the source cited at the end of each article.


Date: 31 March 2021

Title:  Microsoft: Firmware attacks are on the rise and you aren’t worrying about them enough

Microsoft’s inaugural Security Signals report for March 2021 shows that 80% of enterprises have experienced one firmware attack during the past two years, but less than a third of security budgets are dedicated to protecting firmware. 

Microsoft launched a new range of “Secured-Core” Windows 10 PCs last year to counter malware that tampers with the code in motherboards that boots a PC. It’s also released a UEFI scanner in Microsoft Defender ATP to scan inside the firmware filesystem for the presence of malware.  Enterprises aren’t treating the firmware attacks seriously enough, according to a study that Microsoft commissioned Hypothesis Group to conduct.  The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions

It’s worth noting that Microsoft is promoting its “emerging class of secured-core hardware”, such as the Arm-based Surface Pro X, which start at $1,500, with the SQ2 processor, or HP’s Dragonfly laptops that retail for no less than $2,000. 

Firmware lives below the operating system and is where credentials and encryption keys are stored in memory, where it’s not visible to antivirus software.  Many devices in the market today don’t offer visibility into that layer to ensure that attackers haven’t compromised a device prior to the boot process or at runtime bellow the kernel. And attackers have noticed. 

Corporate security teams are focusing on “protect and detect” models of security, pointing out that only 39% of security teams’ time is spent on prevention.  The lack of proactive defense investment in kernel attack vectors is an example of this outdated model.

A majority of corporation IT managers said they don’t have enough resources to address high-impact security work because they’re too busy dealing with patching, hardware upgrades, and mitigating internal and external vulnerabilities

What to do?

Install Windows Defender or a similar product to protect against core attacks

Ensure your anti-virus and anti-malware software is operational and current.

What can you do to when this happens to you?

If you find your network has been compromised immediately shut down and find the source of the breach.

Take steps to mitigate any virus or malware

If data has been compromised and/or exfiltrated notify all interested parties.

Rebuild the network from a known clean backup


Microsoft: Firmware attacks are on the rise and you aren’t worrying about them enough | ZDNet

 Liam Tung | March 31, 2021