An increasing number of businesses believe they have been hit by hardware supply chain attacks from nation-state threat actors: 29% of US businesses believe they have been targeted.
HP Wolf Security researchers surveyed 800 IT and security decision makers (ITSDMs) to investigate perceived threats targeting device hardware and firmware within the physical supply chain.
More than a third of those surveyed believed they had been targeted by nation-state actors trying to introduce malicious hardware or firmware onto devices, and half said they were concerned about not being able to verify that PC, laptop or printer hardware had not been tampered with during transport.
Supply chain security
Organizations surveyed were overwhelmingly concerned about physical targets such as PCs, laptops and printers within the supply chain, with 91% believing nation-state actors would use malicious components to attack hardware. Uncertainty is growing: 78% of IT leaders say their attention to software and hardware supply chain security will increase as attackers attempt to infect devices in transit.
Hardware and firmware attacks are particularly alarming because they are notoriously difficult to detect, remove, and fix. Security tools run within the operating system, so they have little visibility into the hardware and firmware beneath it, which makes devices that have been tampered with difficult to identify.
Once an attacker has compromised a device's hardware or firmware, they have complete control over the device and can see what the machine is used for.
“In today's threat landscape, managing security in a distributed hybrid work environment must start with ensuring that devices have not been tampered with at the lowest level,” said Boris Balacheff, director of security technology and research innovation at HP.
Going forward, HP recommends that organizations monitor all devices for hardware and firmware configuration compliance, securely manage firmware configurations, and adopt platform certificate technology to verify hardware integrity.