A new report from HP Wolf Security has highlighted the growing danger from threat actors targeting physical device supply chains, with 19% of organizations saying they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains.
Of the 800 IT and security decision makers surveyed, almost all (91%) believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware.
Meanwhile, over a third (35%) of organizations said that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices.
“System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with in the factory or during transit,” commented Alex Holland, Principal Threat Researcher in the HP Security Lab.
“If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO’s laptop,” he said.
Around two-thirds (63%) of security leaders surveyed also believe that the next major nation-state attack will involve poisoning hardware supply chains to insert malware.
How to Manage Hardware and Firmware Security
HP Wolf Security has advised customers to take the following steps to help proactively manage device hardware and firmware security:
- Adopt Platform Certificate technology, which is designed to enable verification of hardware and firmware integrity upon device delivery
- Securely manage firmware configuration of devices
- Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory
- Monitor ongoing compliance of device hardware and firmware configuration across your fleet of devices
The HP Wolf Security survey was conducted from February 22 to March 5, 2024. It is based on a survey of 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany and France. The survey was carried out online.
HP Wolf Security’s research was launched ahead of Black Hat USA 2024.