HP’s Val Gabriel discusses nation-state cyberthreats in the hardware supply chain and how to mitigate these types of attacks.
One of the most prominent concerns of the modern threat landscape is the security standards of supply chains and third-party vendors. When a third-party software or hardware vendor is compromised by a cyberattack, the consequences can be far-reaching and can result in a domino effect of compromised organisations.
In fact, one of the biggest objectives of the Digital Operational Resilience Act, which comes into effect in January, is enhancing third-party and supply chain security standards.
When it comes to these cyberthreats, many would think of software-induced cyberattacks through data breaches and penetrated systems. But, as recent research indicates, physical tampering appears to be on the rise.
Back in August of this year, HP Wolf Security released a study highlighting the rise of nation-state threat actors targeting physical device supply chains.
According to the research, which was compiled from an online survey of 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany and France, nearly one in five (19pc) businesses have been impacted by attacks on PC, laptop or printer supply chains. In the US alone, this figure rises to 29pc.
According to Val Gabriel, managing director for Ireland at HP, these hardware attacks can be severe as they can sit below a device’s operating system (OS).
“When threat actors target and compromise a device at the firmware or hardware layer, they gain unparalleled visibility and control over everything that happens on that machine,” he says. “Attacks like this are incredibly hard to detect, as most security tools sit within the operating system.
“Attacks that successfully establish a foothold below the operating system are very difficult to remove and remediate, which adds to the challenge for IT security teams.”
As for the consequences of these types of attacks, Gabriel says that they can be “incredibly damaging”, often resulting in a “substantial financial loss which can arise from the theft of corporate and/or personal information, financial information … leaving many in a compromising and vulnerable position”.
“Falling victim to this can result in the destruction or corruption of databases and be incredibly damaging for organisations or individuals on personal devices.”
Nation-state threats
According to the report, the majority of IT professionals believe hardware and firmware attacks are becoming increasingly popular with nation-state cyberattackers. In fact, almost two-thirds (63pc) of respondents believe the next major nation-state attack will involve tampering with hardware supply chains to sneak in malware.
According to Gabriel, mitigating these types of attacks can be difficult, especially for organisations with a hybrid workplace environment.
“Managing security across a distributed hybrid workplace environment can leave any business or organisation more susceptible to security attacks if devices can’t be guaranteed they haven’t been tampered with in transit to employees,” he says.
The report highlighted the vulnerability of organisations when it comes to device tampering, as 51pc of IT decision-makers stated that they are unable to verify if tech hardware such as PCs and laptops have been tampered with while in transit. 77pc said that they need a way to verify hardware integrity to mitigate the risk of tampering.
“In today’s threat landscape, it must start with the assurance that devices haven’t been tampered with at the lower level,” says Gabriel.
Protection
In order to protect and mitigate against hardware security attacks, Gabriel and HP Wolf Security have some advice, such as adopting platform certification tech designed to enable verification of hardware and firmware integrity upon device delivery.
Gabriel also advises IT teams to use technology to securely manage firmware configurations on devices, which can “enable administrators to manage firmware remotely using public-key cryptography, eliminating the use of less secure password-based methods”.
He emphasises that, ultimately, organisations can mitigate these supply chain attacks by understanding their attack surface and using tools and best practices to reduce their exposure to attack.
“These can include key supply chain risk management practices such as vendor management, ongoing risk assessments and audits, strict access controls and a zero-trust infrastructure, together with visibility into your entire supply chain on an ongoing basis.”