This week Moscow-based Kaspersky Lab published a report that examines a group of hackers, the Equation group, and the lengths to which they have gone for many years to spy. The report outlines the attacks in detail and highlights that “the group’s attack technologies exceed anything we have ever seen before. This is the ability to infect the hard drive firmware.”
As you consider your options, keep in mind there are a number of approaches to prevent the Equation group’s attack against hard drives.
A fundamental feature that every enterprise-bound hard drive should have is preventing its firmware from being altered by an unauthorized agent. The best protection against this vulnerability is to use code signing for firmware updates. Such devices will not allow unsigned firmware to be loaded onto the device. As a further level of protection, if unsigned firmware were somehow present on the device, the device simply will not operate.
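A minimal sketch of the two checks described above (rejecting unsigned firmware at update time, and refusing to operate at boot if the stored image does not verify), as an added example rather than code from the original article or from any drive vendor. It substitutes a Lamport one-time hash-based signature for the RSA or ECDSA schemes firmware signing typically uses, so that it runs with only the Python standard library; the `Drive` class and the sample images are hypothetical.

```python
import hashlib, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport key: 256 pairs of secrets; the public key is their hashes.
    # One key signs exactly one release (stand-in for a vendor RSA/ECDSA key).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(image):
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, image):
    # Reveal one secret per digest bit of the image.
    return [sk[i][bit] for i, bit in enumerate(_bits(image))]

def verify(pk, image, sig):
    if not isinstance(sig, list) or len(sig) != 256:
        return False
    return all(isinstance(s, bytes) and H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _bits(image))))

class Drive:
    """Hypothetical controller: public key fixed at manufacture, image in flash."""
    def __init__(self, vendor_pk, image, sig):
        self.pk = vendor_pk
        self.flash = (image, sig)

    def update(self, image, sig):
        # Check 1: verify before writing; a failed check leaves flash untouched.
        if not verify(self.pk, image, sig):
            return False
        self.flash = (image, sig)
        return True

    def boot(self):
        # Check 2: re-verify what is actually stored; False means do not operate.
        return verify(self.pk, *self.flash)

def demo():
    sk, pk = keygen()                               # constructed vendor key pair
    good = b"FW 1.0 (constructed sample image)"
    sig = sign(sk, good)
    evil = good + b" +modified"                     # constructed tampered image
    drive = Drive(pk, good, sig)
    out = {"boot_clean": drive.boot(),
           "update_tampered": drive.update(evil, sig),
           "update_genuine": drive.update(good, sig)}
    drive.flash = (evil, sig)    # simulate flash altered outside the update path
    out["boot_tampered"] = drive.boot()
    return out
```

The boot-time check matters because it covers firmware that reached flash without passing through the update routine at all.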
For your external hard drives, I suggest replacing them as soon as possible with drives that support firmware signing.
Protecting your internal hard drives is more difficult. These drives could be infected at any time by self-replicating code such as “Fanny”, physical media (e.g. CD-ROMs), USB devices susceptible to BadUSB, and Web-based exploits. Swapping out internal hard drives is an expensive and time-consuming proposition. One option is to immediately switch all of your critical systems to a Windows To Go flash drive that supports firmware signing, as a hard drive replacement.
Windows To Go equips users with a portable Windows corporate image. It uses the flash drive as the system disk, completely insulating the user from the risk of any hard drive infections on the onboard hard drive. This is significantly less costly than replacing the computer’s internal hard drive with a FIPS-approved hard drive, and it can be easily done in the field without having to pull apart the computer. As an added benefit, Windows To Go drives can be centrally managed, enabling organizations to track the devices and disable them if lost or stolen.
IronKey™ secure USB hard drive, flash storage and Windows To Go devices are not vulnerable to the Equation group’s malware or the BadUSB attack. IronKey’s leadership in security, including its use of digital signatures in all controller firmware, makes its products immune to these threats.