Intel announced a new, critical vulnerability this week that affects nearly all business desktops and laptops that have an Intel processor capable of running Active Management Technology (AMT) or Small Business Advantage Technology. The vulnerability allows someone to bypass authentication in Intel’s remote management hardware to take over your PC. Dynamic Quest will be assisting our clients and providing services to companies that may be affected.
AMT was designed to let IT administrators remotely manage fleets of computers by doing things such as installing patches and software. What makes this vulnerability unique is it involves direct access with system hardware instead of the operating system. Unauthorized access attempts to AMT also typically are not logged making it very difficult to detect exploitation.
Intel has provided clients with a detection tool to see if this exploit vulnerability affects your system. We recommend contacting your IT department or technology provider and not perform this on your own. For IT managers, the tool is located on the Intel site here. Once you have downloaded it, decompress the zip file to a folder. Open the folder, then open its Windows sub-folder. Launch Intel-SA-00075-GUI.exe.
If the utility results in a vulnerable result, the next step is to check with your PC maker. Dell, HP, Lenovo, Fujitsu, and most major manufacturers are already working on firmware fixes. If you run a “white box” custom built PC, check with the motherboard vendor itself for firmware updates. The schedule for firmware updates for most manufacturers can be downloaded from the links below.
HP: http://www8.hp.com/us/en/intelmanageabilityissue.html
Lenovo: https://support.lenovo.com/us/en/product_security/LEN-14963
Fujitsu: http://support.ts.fujitsu.com/content/Intel_Firmware.asp
Dell: http://en.community.dell.com/techcenter/extras/m/white_papers/20443914
Need assistance? Contact us and we’ll be happy to help.
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”