Threat Reports

February 2021 Firmware Threat Report

Eclypsium Threat Report February 2021 Firmware

A short month, but one packed with developments in cybersecurity! The Sunburst supply chain campaign continues to unfold with significant revelations, including one by Microsoft, who discovered the attackers viewed and exfiltration key portions of source code related to Azure, Exchange and Intune products. Notably, components related to Identity, Security and Service were successfully stolen. It is estimated that it took over 1000 code authors to pull off the Sunburst campaign. In response to these attacks, President Biden remarked during a recent address that the U.S. “will not hesitate to raise the cost on Russia” for the Kremlin’s aggressive behavior, including cyber-attacks.” Meanwhile, newly appointed Deputy National Security Advisor, Anne Neuberger noted that “many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions”. Stand by for the The U.S. House of Representatives’ Oversight and Homeland Security Committees holding a joint hearing on the 26th.

Eclypsium have authored two new Sunburst-related blogs covering both the need for independent validation and baselining of device hardware, firmware and software in the supply chain, as well as significant and timely IR recommendations to organizations responding to the attack.

Sunburst wasn’t the only supply chain attack story in the news this month. Additional reporting from Bloomberg covering three overall hardware/firmware supply chain attacks originating from Chinese suppliers was revealed. Of note to us was that two of the three firmware attacks were conducted remotely, dispelling notions that firmware attacks are largely confined to local attacks. While there has been controversy surrounding the evidence supporting the reported incidents, and a well-articulated reply from the vendor mentioned, one thing is for certain: firmware level vulnerabilities and related attacks are here and now, and being employed by APT, FIN and criminal actors alike.

Detecting these types of threats is fast becoming an imperative for many organizations ranging from hospitals to water treatment plants. This is because firmware sits at the nexus of device trust, integrity, and the cyber-physical (kinetic) impact dynamic central to clinical risk and community safety. It is also where attackers are moving in order to evade, persist, and adapt to defenses. Perhaps this is the reason for the rise of the CPSO?

Finally, if you enjoy crypto puzzles, then US Cyber Command’s Valentine’s Day Challenge won’t disappoint!

Bug Icon







Getting Ahead of Imminent Threats to Hospitals and Patients: A Panel Discussion

Join Dr. Saif Abed BSc MBBS MPhil MSc, UK NHS’s CISO, Joint Cyber Chair Shaun van Niekerk, Erik Decker, Chief Security and Privacy Officer for the University of Chicago Medicine and Eclypsium’s Principal Strategist Scott Scheferman in a lively, frank and deeply insightful discussion on what the biggest threats to patient and hospital safety are for 2021, and what is being done to get ahead of them. They unpack what makes 2021 a markedly more volatile threat landscape, and how hospitals can measure and triage risks in the form of medical device vulnerabilities, supply chain threats, and ransomware. They also discuss what the impact potential is for the very latest developments in the firmware threat landscape, specifically in the context of critical medical device workflow examples.