Microsoft seems quite focused In its latest security report, on the risk of attacks on firmware. Because these have increased significantly in recent years and are comparatively difficult to combat. Therefore, the company is now setting its priority to combat these vulnerabilities.
On Windows PCs, these types of attacks are aimed at vulnerabilities in the BIOS or in the UEFI. According to the reports from the security industry, exploits that attack at this level have increased by a multiplier of five in recent years. And in the business sector, the risks from firmware attacks already take up a significant proportion of the budget.
Most conventional security measures such as regularly installing patches for the operating system and applications or the use of malware scanners do not help here because the attacks take place on a lower level and thus run under the radar. Correspondingly, other means must be used to react to recent developments – which Microsoft intends to do more intensively.
Microsoft Takes Effective Measures
The core countermeasures include Kernel Data Protection (KDP) and the encryption of content in the main memory. This is to ensure that malware that tries to penetrate the system from the firmware level does not find a sensible way of getting stuck in the kernel memory. However, too few users are currently paying attention to the fact that when purchasing new hardware, the systems are already equipped with RAM encryption technologies on the hardware side.
One of the better known attacks at the firmware level was based on the ThunderSpy bug. The exploits were of particular concern for perpetrators who were able to provide physical access to the target systems. They were able to penetrate here via the Thunderbolt port and steal stored content that they would normally not have access to.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital Marketing, Social Media, Business News, and Technology News, with vast experience in the media industry, I have a keen interest in business technology, News breaking.