HomeWinBuzzer NewsMicrosoft Security Signals Report Shows Firmware Attacks On Enterprises are Common

Microsoft Security Signals Report Shows Firmware Attacks On Enterprises are Common

However, despite firmware attacks happening to most companies, the Security Signals report shows many are ignoring the risk.


is warning firmware attacks are on the rise, but customers are not doing enough to mitigate against them. In its first ever Security Signals Report (March 2021), Microsoft says 80% of businesses have been victim of at least one firmware attack during the last two years.

Despite persistent and ongoing threats, enterprises only dedicated under a third of their security budgets to mitigating firmware.

That's seemingly not enough to prevent attacks. Firmware attacks a known for being tough to manage and Microsoft services are vulnerable to such threats. Indeed, back in 2018, a state sponsored group called Fancy Bear was found leveraging a Unified Extensible Firmware Interface (UEFI) for attacks on Windows 10.

Since then, Microsoft has been working to ensure such an attack cannot happen again. In 2020, the company added a UEFI scanner to Microsoft Defender. The UEFI scanner has a tool that can scan firmware filesystems while performing security checks.

Serious Problem

However, it does not really matter what Microsoft does if organizations are not taking firmware-level attack seriously. Microsoft's study, conducted on the company's behalf by Hypothesis Group, shows companies are not dedicating enough resources to this problem.

“The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions,” Microsoft says.

“Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of .”

Of the 1,000 security executives the study canvased, 82% claim they do not have the resources to manage a high-impact firmware attack. They say most of their time and budget goes on issuing hardware upgrades, delivering patches, and mitigating other vulnerabilities.

Tip of the day:

When using your Windows 10 laptop or convertible with a mobile hotspot
you might want to limit the Internet bandwidth your PC uses. In our tutorial we are showing you how to set up a metered connection in Windows 10 and how to turn it off again, if needed.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News