The Top 5 Firmware Threats

Eclypsium Threat Report, January 2021 – Firmware: The Top 5 Firmware Threats

2021 kicks off much as 2020 ended, with continued attacks on US hospitals by the Trickbot/Ryuk actors, now armed with TrickBoot’s UEFI-targeting capability. Having netted over $150M in profit, the criminal group continues to work with affiliate actors like North Korea.

The Sunburst supply chain attack continues to play out against critical infrastructure, big tech, cybersecurity companies, and the US government. The actors employed highly evasive, unorthodox, and persistent tactics. However, these tactics are now largely burned by researchers and IR teams: environments that were previously compromised are now instead contested. It is now a battle between defenders looking to hunt, contain, eradicate, and restore, and threat actors needing to adapt, evade, and maintain persistence to protect their long game. In exactly this situation, attackers turn to firmware targeting, as closely related threat actors did in recent years via the LoJax implant. Interestingly, both the BIOS Write Enable vulnerability LoJax exploits and the driver it uses to target the UEFI are the same ones the Trickbot/Ryuk ransomware group is now using.

With firmware-level threats continuing to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. So we began the year by updating one of our most popular resources – the Top 5 Firmware Attack Vectors – to highlight the threats that need to be on your radar in 2021. No surprise: supply chain breaches and UEFI implants are on the list. Can you guess the other three? Speaking of Top 5 lists, be sure to read this piece on the excuses we tell ourselves for not addressing firmware risk.

If you’ve read this far, you may be wondering how to gauge these latest firmware threats from an Enterprise Risk Management perspective. If so, you are in luck: we’ve documented these considerations extensively, and we also have a short checklist of questions to get you started. As always, the Eclypsium team is here to discuss how to address this rising risk and, of course, to demonstrate our solution’s unique ability to meet these threats head-on.

Safeguarding Device Integrity in the Supply Chain and Beyond

While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. In this live webinar, Eclypsium’s John Loucaides and Andrew Regenscheid from NIST will discuss:

  • How the complex technology supply chain creates concentrations of risk
  • Recent supply chain threats and their implications for enterprise risk management
  • What a supply chain disaster scenario might look like
  • What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
  • What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

Top Five Threats to Firmware Security

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this recorded webinar, Eclypsium CEO Yuriy Bulygin and VP of R&D John Loucaides update you on the latest threats to firmware and hardware that need to be on your radar for 2021.

Assessing Your Firmware Security Risk in 2021

How do CISOs assess firmware security risks in light of recent VPN, malware, and supply chain attacks? In this recorded panel discussion, Malcolm Harkins (Chief Security and Trust Officer at Cymatic), Ed Amoroso (CEO of TAG Cyber), and Eclypsium CISO Steve Mancini share their thoughts on why every CISO should be assessing their firmware security risk in 2021 and how to go about doing so.