company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Microsoft

Firmware

Cyberattack

loading..
loading..
loading..

Microsoft revealed 80% of enterprises experienced firm ware focused cyberattack

Report indicates that multinational enterprises are victims of a firmware-based attack, according to Microsoft

05-Apr-2021
3 min read

Microsoft published a new report titled **“March 2021 Security Signals report in recent times, which disclosed that over 80% of world enterprises were victims of at least one firmware-based cyberattack. The study stated that 29% of the targeted organizations have decided upon safeguarding firmware by allocating proper budgets. 1000 enterprise security decision-makers from various countries like China, Japan, Germany, the U.K., the U.S. contributed to this study which revealed that the majority of security investments are going to updates of security, scanning of vulnerability, and higher-level threat protection solutions.
“The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions.” reads the report published by Microsoft.

“Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

The most concerning data from the report is the shortage of investments based on firmware protection, like Kernel data protection(KDP) or memory encryption. “Hardware-based security features such as Kernel data protection (KDP), or memory encryption, which blocks malware or malicious threat actors from corrupting the operating system’s kernel memory or from reading it at runtime, is a leading indicator of preparedness against sophisticated kernel-level attacks.” mentions the report.

“Security Signals found that only 36% of businesses invest in hardware-based memory encryption and less than half (46%) are investing in hardware-based kernel protections.”

21% of decision-makers agreed that they could not monitor firmware data, and 82% of the respondents to Microsoft’s survey agreed that they do not possess the resources to stop firmware attacks, stated the report. The report mentioned that mostly 71% of the staff while away their time on activities, and overall around 41% of their time is spent on patching of firmware that could be automated.

firmware-attacks

“Eighty-one percent of the German companies we surveyed were prepared and willing to invest, as compared to 95% of Chinese organizations and 91% of businesses in the U.S., UK, and Japan. Eighty-nine percent of regulated industry companies felt willing and able to invest in security solutions. However, those in the financial services sector are not quite as ready to invest as companies in other markets.” States the report.

“Those that do make the right investments are seeing returns, and surveyed organizations that made a real investment in security saw a big payoff.”