U.S. calls attention to major weaknesses in the firmware supply chain
NSA Releases Cybersecurity Technical Report (CTR) – “Network Infrastructure Security Guidance”
March 8, 2022FCC looks into BGP vulnerabilities in light of Russian hacking threat
March 8, 2022
Summary:
At the very highest levels, the U.S. government is calling attention to major weaknesses in the firmware supply chain, warning that the layer below the OS presents “a large and ever-expanding attack surface.”
Additional Discussion:
The U.S. government, at the very highest levels, is calling attention to major weaknesses in the firmware supply chain, warning that the layer below the operating system is fertile ground for devastating hacker attacks.
A new joint draft report issued by leadership of the U.S. Department of Homeland Security (DHS) and the Department of Commerce said firmware presented “a large and ever-expanding attack surface” for malicious hackers to subvert the core of modern computing.
“Securing the firmware layer is often overlooked, but it is a single point of failure in devices and is one of the stealthiest methods in which an attacker can compromise devices at scale.”
“Attackers can subvert OS and hypervisor visibility and bypass most security systems, hide, and persist in networks and devices for extended periods of time while conducting attack operations, and inflict irrevocable damage,” the two agencies said following a one-year assessment of the supply chains for critical IT infrastructure deployed in the United States.
“Firmware can also be a lucrative target with a relatively low cost of attack. Over the past few years, hackers have increasingly targeted firmware to launch devastating attacks.”
Link to Source:
Associated Files:
