A new study by HP Wolf Security, has revealed that 19 percent of businesses worldwide have fallen victim to the growing trend of nation-state actors increasingly targeting physical supply chains to insert malicious hardware or firmware into devices.
This findings disclosed that in US, 28 percent of companies has reported attacks to the attack underscoring a pressing need for organisations to prioritise device hardware and firmware integrity.
Further breakdown of the report analysed that 91 percent organisations foresee nation-state threat actors targeting physical supply chains to implant malware or malicious components, and 63 percent anticipate that the next major nation-state attack will involve the poisoning of hardware supply chains.
“System security relies on strong supply chain security, starting with the assurance that devices are built with intended components and haven’t been tampered with during transit,” said Alex Holland, Principal Threat Researcher at HP Security Lab.
“If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control,” the report said.
The survey conducted by Censuswide also highlighted growing organisational concerns regarding supply chain security stating that “A notable 78 percent of IT security decision-makers indicated that their focus on software and hardware supply chain security would increase as attackers continue to target devices during transit.
Additionally, 51 percent expressed concerns over their inability to verify if PC, laptop, or printer hardware and firmware had been tampered with during transit, while 77 percent disclosed the necessity of verifying hardware integrity to mitigate the risk of device tampering.
In response to these findings, HP Wolf Security has offered several recommendations for organisations to strengthen their defenses. It said, “Customers are advised to adopt Platform Certificate technology to verify hardware and firmware integrity upon device delivery.”
“Additionally, securely managing firmware configuration using technology like HP Sure Admin or HP Security Manager is recommended. Organisations are also encouraged to utilize vendor factory services to enable hardware and firmware security configurations from the factory and to monitor ongoing compliance of device hardware and firmware configurations across their fleet,” the HP report disclosed.
