Microsoft’s inaugural Security Signals report for March 2021 shows that 80% of enterprises have experienced one firmware attack during the past two years, but less than a third of security budgets are dedicated to protecting firmware.  Firmware attacks are tricky to deal with. State-sponsored hacking group APT28, or Fancy Bear, was caught in 2018 using a Unified Extensible Firmware Interface (UEFI) rootkit to target Windows PCs. There have also been attacks that rely on hardware drivers, such as RobbinHood, Uburos, Derusbi, Sauron and GrayFish, as well as ThunderSpy, a theoretical attack aimed at Thunderbolt ports.

Microsoft launched a new range of “Secured-Core” Windows 10 PCs last year to counter malware that tampers with the code in motherboards that boots a PC. It’s also released a UEFI scanner in Microsoft Defender ATP to scan inside the firmware filesystem for the presence of malware. SEE: Network security policy (TechRepublic Premium) But enterprises aren’t treating the firmware attacks seriously enough, according to a study that Microsoft commissioned Hypothesis Group to conduct.   “The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions,” Microsoft notes.    “Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

It’s worth noting that Microsoft is promoting its “emerging class of secured-core hardware”, such as the Arm-based Surface Pro X, which start at $1,500, with the SQ2 processor, or HP’s Dragonfly laptops that retail for no less than $2,000.  But the company does have a point. Firmware lives below the operating system and is where credentials and encryption keys are stored in memory, where it’s not visible to antivirus software. “Many devices in the market today don’t offer visibility into that layer to ensure that attackers haven’t compromised a device prior to the boot process or at runtime bellow the kernel. And attackers have noticed,” Microsoft says.  SEE: Phishing: These are the most common techniques used to attack your PC The question is whether security teams are looking enough at future threats. Microsoft thinks they’re not. The Security Signals survey found that 36% of businesses invest in hardware-based memory encryption and 46% are buying in hardware-based kernel protections. Microsoft’s study found that security teams are focussing on “protect and detect” models of security, pointing out that only 39% of security teams’ time is spent on prevention.  The lack of proactive defense investment in kernel attack vectors is an example of this outdated model, according to Microsoft. Most of the 1,000 enterprise security decision makers interviewed (82%) said they don’t have enough resources to address high-impact security work because they’re too busy dealing with patching, hardware upgrades, and mitigating internal and external vulnerabilities. More

October 4th got off to a bad start for Facebook. The world’s most popular social network went down at about 11:44 EDT. It wasn’t just Facebook though. Instagram, WhatsApp, and Facebook Messenger also went down.While Facebook has yet to report on what’s happening with this total social network failure, website status sites such as DownForEveryoneOrJustMe and DownDetector are all reporting that Facebook is down. The problem isn’t limited to just the United States. There are numerous reports that the site is down in Europe and the Middle East.Some Facebook users report seeing an error message reading: “Sorry, something went wrong. We’re working on it and we’ll get it fixed as soon as we can.” Instagram and WhatsApp users say they’re getting a “5xx Server Error.” Facebook Communications Director Andy Stone tweeted, “We’re aware that some people are having trouble accessing our apps and products. We’re working to get things back to normal as quickly as possible, and we apologize for any inconvenience.”This collapse comes the morning after Facebook whistleblower Frances Haugen revealed on 60 Minutes that Facebook’s own research shows that it amplifies hate, misinformation, and political unrest to maximize profits over the good of the public.Related Stories: More

Credit: Microsoft Less than a month after it postponed the end of support for some Windows 10 1709 versions, Microsoft is doing the same for Windows 10 1809, the feature update to Windows 10 released in the fall of 2018. In the case of Windows 10 1809, however, the delay affects more of the available […] More

Image: Getty Images
The Quadrilateral Security Dialogue, better known as the Quad, has announced various non-military technology initiatives aimed at establishing global cooperation on critical and emerging technologies, such as AI, 5G, and semiconductors.The various technology initiatives were announced after the leaders of Quad countries — comprised of Australia, India, Japan, and the US — met on Friday, which marked the first time the group has come together in person.Among the initiatives announced by the security bloc was the intention to develop new global cybersecurity standards across various technology sectors.”With respect to the development of technical standards, we will establish sector-specific contact groups to promote an open, inclusive, private-sector-led, multi-stakeholder, and consensus-based approach,” the Quad said in a joint statement.As part of work to be undertaken towards establishing these global technology standards, the Quad said it would publish a Quad Statement of Principles, which will be a guide for implementing responsible, open, high-standards innovation.”We are working to make cyberspace and emerging and critical technologies trusted and secure, in open societies, solving problems, and addressing the supply chain challenges that in many ways hold the keys to our security and our prosperity and our environment in the 21st century,” Australian Prime Minister Scott Morrison said.A new Quad Senior Cyber Group will also be established. The group will consist of “leader-level experts” who will meet regularly to advance work between government and industry to drive the adoption and implementation of shared cyber standards; development of secure software; growth of the tech workforce; and promotion of scalability and cybersecurity of secure and trustworthy digital infrastructure.

The security bloc will also begin cooperation focused on space and combatting cyber threats, promoting resilience, and securing critical infrastructure together, the countries said.For space specifically, the Quad nations will identify new collaboration opportunities and share satellite data for peaceful purposes such as monitoring climate change, disaster response and preparedness, sustainable uses of oceans and marine resources, and on responding to challenges in shared domains.Other technology initiatives announced by the Quad over the weekend was a new fellowship that will be established together with industry. The fellowship will provide 100 graduate fellowships to science, technology, engineering, and mathematics graduate students across the four countries.New initiatives to improve semiconductor supply chains, 5G deployment and diversification, and monitor biotech scanning trends were also announced.In announcing these new initiatives, the Quad sledged China, although China was not named, by jointly saying: “We will continue to champion adherence to international law … to meet challenges to the maritime rules-based order, including in the East and South China Seas”.”We affirm our support to small island states, especially those in the Pacific, to enhance their economic and environmental resilience,” the Quad added.The movements from Quad countries follow various international pacts coming to the fore in recent weeks, with Quad members, Australia and the US, joining the UK to establish the AUKUS security pact.AUKUS, made public a fortnight ago, was established by the three governments to address defence and security concerns posed by China within the Indo-Pacific region. The trilateral security pact’s focus has so far been military-heavy unlike the Quad’s new initiatives, with AUKUS’ first initiative being to help Australia acquire nuclear-powered submarines. Meanwhile, both China and Taiwan have formally applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), one of the world’s largest trade pacts. RELATED COVERAGE More

Google has signed a new deal with the US Air Force Research Laboratory (AFRL) that will see scientists and engineers there use Google Workspace. The US Air Force Research Laboratory supports both the US Air Force and the US Space Force while providing new technologies for the US military. According to Google, the lab focuses on everything from laser-guided optics enabling telescopes to see deeper into the universe to fundamental science that helped create innovations in quantum computing and artificial intelligence. The US Air Force Research Laboratory will now use Smart Canvas, Google Meet, and Google Cloud technology in their work. “COVID-19 significantly limited the physical presence of researchers in the lab,” said Dr. Joshua Kennedy, a research physicist at AFRL. “Google Workspace eliminated what would have otherwise been almost a total work stoppage. In fact, new insights into 2D nanomaterials, critical to future Department of the Air Force capabilities, were discovered using Workspace that would have otherwise been impossible.” Maj. Gen. Heather Pringle added that the move was part of her efforts to modernize the technology used by AFRIL. She said the lab started experimenting with Google Workspace to supplement existing capabilities, noting that it has “revolutionized” their collaboration ability with external partners.”Our mantra is ‘collaborate to innovate.’ We want our alpha nerds to be very connected, and we really want to up their proficiency as a digital workforce where data becomes a third language,” Pringle said. “We’re incorporating digital engineering into everything we do in science and technology and have a data-informed human capital strategy.”Alongside the news of the US Air Force deal, Google Cloud vice president Mike Daniels announced that Google Workspace achieved FedRAMP High and IL4 authorization from the Defense Information Systems Agency (DISA), meaning the company will be able to collaborate more with the US military.

“Expanding our list of compliance certifications and adding security and compliance resources is a critical part of Google Cloud’s mission to deliver agile, open architectures, unified data and analytics, and leading security solutions — along with productivity tools that support an increasingly hybrid workforce,” Daniels said in a blog post, explaining that in the US, FedRAMP and NIST frameworks “set the bar for the security of society’s most vital systems.””The weight of this responsibility is reflected in the high bar that must be met to receive FedRAMP High authorization. This is a major milestone in our longstanding commitment to serving the needs of the public sector and to making the world a safer place for everyone.”Daniels added that with the certifications, the US federal government can now deploy Google Workspace within a variety of projects. “With FedRAMP High authorization across Workspace’s public cloud offering, any customer can rest assured that they are collaborating at this high level of security, without having to purchase and deploy a separate ‘gov cloud’ instance. It also means they can operate seamlessly with relevant government agencies without additional overhead,” Daniels explained. “Another key security standard at the federal level is the Impact Level 4 (IL4) designation, which applies to controlled unclassified information (CUI). Today, we’re proud to announce that Google has earned IL4 authorization from the Defense Information Systems Agency (DISA), allowing CUI to be stored and processed across key Google Cloud services, including our compute, storage and networking offerings, data analytics, virtual private cloud, and identity and access management technologies, when used with Assured Workloads.”In April, the technology giant announced that four other products have also received FedRAMP High authorization, including Google’s Admin Console, Cloud Identity, Identity and Access Management, and the Virtual Private Cloud tools. Daniels noted that the configuration is supported in all seven US regions and “ensures IL4 workloads are supported by US personnel while being stored and processed in the United States.” “Our new IL4 and FedRAMP authorizations join other Google Cloud data privacy and security features that allow customers to comply with the FBI’s Criminal Justice Information Services (CJIS) standard and the IRS’ Publication 1075 (IRS 1075),” Daniels said.”While these are exciting developments for us, we are most excited about what it means for our public sector customers, who are working hard to achieve their missions and can now use cloud-first solutions to deliver on their mandates.” More