Skip to main content

GovWare 2022 Full Agenda

GovWare 2023 Temp Background


Cyberwar and the Weaponisation of Firmware

18 Oct 2022
Level 3, Room GW2 | Sands Expo and Convention Centre
Cyber Attacks and the Challenges of a Holistic Response

CISA's recent list of KEV's (Known Exploited Vulnerabilities) reveals an alarming trend: vulnerabilities in the supply chain of critical network and end-user devices are exploited in both state-sponsored and cyber criminal operations. While thousands of vulnerabilities are reported yearly, only 4% of them become actively exploited and device firmware has become one of the fastest growing vectors. Due to mission-criticality, patching complexity and complex supply chains, the exposure of vulnerable devices is measured in years rather than months for traditional application and OS vulnerabilities. This talk will highlight Eclypsium's research into the shift to this critical yet under-defended attack surface and will cover firmware attack campaigns targeting supply chain vulnerabilities, why attacking supply chain firmware vulnerabilities provide a high ROI and tactical advantage to adversaries and common attack-paths leveraged during exploitation.


Dr Yuriy Bulygin, Chief Executive Officer and Co-Founder - Eclypsium