Security risks are deeper than you think

Malware was recently discovered in the firmware memory of motherboards.

According to researchers at Kaspersky, firmware on motherboards is susceptible to compromise. What makes this kind of vulnerability so challenging is that this layer is "below" the hard drive. This means that even formatting your hard drive would not eradicate the infection! This kind of attack is known as a "boot kit". It is so named because your computer relies upon hardware and firmware layers to get your computer started, or commonly referred to as "booted".

Here are the basic steps your computer goes through when it boots.

Hardware powers up.

Very low level code is initiated to extract firmware from on-motherboard non-volatile memory chips known as EEPROMs. Non-volatile means that the data persists even without power.

This code is used to interact with your hard drive, which subsequently begins the process of getting your computer operating system running.

When we think of security, we often speak in terms of Confidentiality, Integrity, and Availability.

In this case, the integrity of the code running on this lowest level has been compromised to become a vector for a subsequent step in a more sophisticated attack.

The best defense against this sort of attack is diligence around the integrity of the images of firmware (UEFI) on your motherboard. This is a daunting task.

If you have highly confidential data or if you rely on your computer to run your business, consider getting professional assistance.

Blog

← Back to BLOG

Security risks are deeper than you think

Posted by navitend

CATEGORIES

TAGS

Archives

Testimonials

"Thanks so much! You are a class act!
You and your team have really done an excellent job on this!"

Steve Van Ooteghem, The C12 Group in Houston, Texas

navitend’s approach to customer service is greatly appreciated here. Ensuring that we are well protected from a technology standpoint provides us with peace of mind to continue our day to day operations and that they are looking out for our company's best interest.

Debbie

"Thanks so much again for taking care of everything in such an expedient manner. It's a pleasure to work with navitend and its staff as always!"

Lawrence Wolfin / Textol Systems, Inc.

"We've dedicated our lives to growing our retail and ecommerce business and it's a relief to have found a company like navitend who treats our business likes it's their own. navitend's personal approach to project management and problem solving are top-notch."

Stamatis, Co-owner Twisted Lily, Fragrance Boutique and Apothecary

"Our company is more efficient and has grown as a result of navitend’s work. navitend helped us get to the next level."

Greg Niccolai / Madison Insurance

"I look forward to working with you again in the future. Once again, thanks to your organization for your prompt response."

Luke Wolters / Luke Wolters Tax Consultants

“Navitend’s expertise helped our firm over the past year to effectively elevate our I.T. game, powering our website into a highly interactive tool. Well done to Frank and his team!”

Chuck Steege, CFP®, CEP, President, SFG Wealth Planning Services, Inc.

"navitend has been a great IT partner for our company. Their helpdesk response time is the best I have experienced in my 30 year career. navitend has helped me to have great IT services without the need to have a full time, in house, technician at significant savings to our company."

Bob Bradley, President, Bradley Graphics

"I appreciate that they didn’t just build the application. They made it better by bringing ideas to the table that not only made for a better user experience, but also kept the development costs down."

Andy Lynch / North Star Marketing

Blog

← Back to BLOG

Security risks are deeper than you think

Posted by navitend

CATEGORIES

TAGS

Archives

Testimonials

"Thanks so much! You are a class act! You and your team have really done an excellent job on this!"

Steve Van Ooteghem, The C12 Group in Houston, Texas

navitend’s approach to customer service is greatly appreciated here. Ensuring that we are well protected from a technology standpoint provides us with peace of mind to continue our day to day operations and that they are looking out for our company's best interest.

Debbie

"Thanks so much again for taking care of everything in such an expedient manner. It's a pleasure to work with navitend and its staff as always!"

Lawrence Wolfin / Textol Systems, Inc.

"We've dedicated our lives to growing our retail and ecommerce business and it's a relief to have found a company like navitend who treats our business likes it's their own. navitend's personal approach to project management and problem solving are top-notch."

Stamatis, Co-owner Twisted Lily, Fragrance Boutique and Apothecary

"Our company is more efficient and has grown as a result of navitend’s work. navitend helped us get to the next level."

Greg Niccolai / Madison Insurance

"I look forward to working with you again in the future. Once again, thanks to your organization for your prompt response."

Luke Wolters / Luke Wolters Tax Consultants

“Navitend’s expertise helped our firm over the past year to effectively elevate our I.T. game, powering our website into a highly interactive tool. Well done to Frank and his team!”

Chuck Steege, CFP®, CEP, President, SFG Wealth Planning Services, Inc.

"navitend has been a great IT partner for our company. Their helpdesk response time is the best I have experienced in my 30 year career. navitend has helped me to have great IT services without the need to have a full time, in house, technician at significant savings to our company."

Bob Bradley, President, Bradley Graphics

"I appreciate that they didn’t just build the application. They made it better by bringing ideas to the table that not only made for a better user experience, but also kept the development costs down."

Andy Lynch / North Star Marketing

"Thanks so much! You are a class act!
You and your team have really done an excellent job on this!"