#BHUSA: Nation-State Attacks Target Hardware Supply Chains

Security

A new report from HP Wolf Security has highlighted the growing danger from threat actors targeting physical device supply chains with 19% of organizations saying they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains.

Of the 800 IT and security decision makers surveyed, almost all (91%) believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware.

Meanwhile, over a third (35%) of organizations said that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices.

“System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with in the factory or during transit,” commented Alex Holland, Principal Threat Researcher in the HP Security Lab.

“If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO’s laptop,” he said.

Around two-thirds (63%) of security leaders surveyed also believe that the next major nation-state attack will involve poisoning hardware supply chains to insert malware.

How to Manage Hardware and Firmware Security

HP Wolf Security has advised customers to take the following steps to help proactively manage device hardware and firmware security:

  • Adopt Platform Certificate technology, this is designed to enable verification of hardware and firmware integrity upon device delivery
  • Securely manage firmware configuration of devices
  • Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory
  • Monitor ongoing compliance of device hardware and firmware configuration across your fleet of devices

The HP Wolf Security survey was conducted from February 22 to March 5, 2024. It is based on a survey of 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany and France. The survey was carried out online.

HP Wolf Security’s research was launched ahead of Black Hat USA 2024.

Products You May Like

Articles You May Like

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
US Organizations Still Using Kaspersky Products Despite Ban
CISA and EPA Warn of Cyber Risks to Water System Interfaces

Leave a Reply

Your email address will not be published. Required fields are marked *