Roughly one-fifth of enterprise IT administrators have found themselves the target of a state-sponsored attack, according to a survey from HP Wolf.
The survey found that of 800 respondents in the IT industry, worldwide 19% reported being the target of an attack on networks, PCs, and internet-facing printers in an apparent effort to penetrate the supply chain.
The tech giant said that its security branch found that companies were increasingly finding themselves in the crosshairs of state-sponsored hacking groups intent on pilfering data and extracting money, with 20% of those reporting an attack coming under fire in the U.S.
Otherwise unassuming companies are being targeted by threat actors not for the data they harbor, but for the clients they work with, according to the HP Wolf team.
“System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with during transit,” said Alex Holland, a principal threat researcher with the HP Security Lab.
“If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine.”
Holland noted that in many cases the state-sponsored attackers (HP did not name any specific nation-states, but the biggest offenders are well-known) will often look to get in on the supply chain in an effort to get their malicious code running on a lower level that most consumer and enterprise security packages cannot reach.
Ideally, threat actors would like to infiltrate PCs and servers at the firmware level. While such attacks are hard to achieve, they are incredibly useful as they result in resilience against all but a hard firmware reset to factory settings.
“Such attacks are incredibly hard to detect, as most security tools sit within the operating system,” said Holland.
“Moreover, attacks that successfully establish a foothold below the OS are very difficult to remove and remediate, adding to the challenge for IT security teams.”
Examples of such attacks are not hard to find. Upstream attacks on companies such as SolarWinds and Snowflake have resulted in serious data breaches for client companies of those services and millions of compromised records that the company itself had little to no defense for.
