
By Byron V. Acohido
What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game?
Related: Ransomware remains a scourge
The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows how to carry out a DLL injection hack — to cheat the game score. These happen to represent two prime examples of cyber attack vectors that continue to get largely overlooked by traditional cybersecurity defenses.
Tech consultancy IDC tells us that global spending on security hardware, software and services is on course to top $103 billion in 2019, up 9.4 percent from 2018. Much of that will be spent on subscriptions for legacy systems designed to defend network perimeters or detect and deter malicious traffic circulating in network logs.
However, the threat actors on the leading edge are innovating at deeper layers. One security vendor that happens to focus on this activity is Virsec, a San Jose-based supplier of advanced application security and memory protection technologies. I had the chance to visit with Willy Leichter, Virsec’s vice president of marketing, at Black Hat 2019.
“There are multiple vectors, lots of different ways people can inject code directly into an application,” Leichter told me. “And now we’re hearing about new threats, throughout the whole supply chain, where there might be malware deeply embedded at the firmware level, or at the processor level, that can provide ways to get into the applications, and get into the data.”
For a full drill down of our discussion, give a listen to the accompanying podcast. Here are a few key takeways:
Firmware exposures
Firmware is the coding built into computing devices and components that carry out the low-level input/output tasks necessary to enable software applications to run. Firmware is on everything from hard drives, motherboards and routers … more