So, anyway, in my last post, I opined that 2021 might be saying, "Hold my beer", and this morning we wake up to news of the SolarWinds attack.
Now, so far, there has not been any mention of resultant firmware attacks, but it seems to me that the attackers were sufficiently "sophisticated" that they are capable of such attacks.
Systems seem to have been compromised for six to nine months, and that is plenty of time to (1) install a signed firmware driver, (2) modify the firmware, and (3) remove the signed firmware driver.
It might not have happened... but it might have.
The question then becomes... how would you know?
Everyone, from .gov to F500, needs to start monitoring their firmware. It's not part of your average toolkit, but there are options, and I blogged about how to dump your firmware here, and we are happy to help if you need it.
2021 is warming up!