Attacks from nation-states targeting physical device supply chains posing a rising threat

News
By
published

91% of organizations surveyed believe they are at risk

Circuit board and shield icon, Hardware security, computer data protection and electronic technology concept,
(Image credit: Shutterstock / Blue Andy)

A growing number of businesses believe they have been impacted by hardware supply chain attacks from nation-state threat actors - with 29% of US firms believing they have been targeted.

Researchers from HP Wolf Security surveyed 800 IT and security decision makers (ITSDM) to investigate perceived threats aimed at device hardware and firmware within the physical supply chain.

Over a third of those studied believed they had been targeted by nation-state actors attempting to interest malicious hardware or firmware into devices - and half said they were concerned they cannot verify PC, laptop, or printer hardware hasn’t been tampered with in transit.

Supply chain security

The organizations studied were overwhelmingly concerned with physical targets like PCs, laptops, and printers within the supply chain, with 91% believing that nation-state actors will use malicious components to attack hardware. Uncertainty is rising, with 78% of ITSDMs saying their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit.

Hardware and firmware attacks are particularly alarming as particularly difficult to detect, remove, and remediate. Security tools sit within the operating system, so devices that have been tampered with are hard to identify.

Once an attacker has compromised the hardware or firmware of a device, they have complete control over the appliance, and can see anything the machine is used for.

“‘In today’s threat landscape, managing security across a distributed hybrid workplace environment must start with the assurance that devices haven’t been tampered with at the lower level,” said Boris Balacheff, HP’s Chief Technologist for Security and Research Innovation.

Going forward, HP recommends organizations monitor compliance of device hardware and firmware configuration across all devices, as well as securely managing firmware configurations and adopting platform certificate technology to verify hardware integrity.

More from TechRadar Pro

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.