
Researchers from Kaspersky have discovered a unified extensible firmware interface (UEFI) rootkit that stays on the victim’s machine even after the operating system has been rebooted or reinstalled.

Dubbed ‘CosmicStrand’, it was developed by an advanced persistent threat (APT) actor, and its persistence makes it very dangerous in the long run, says Kaspersky. Irrespective of how many times the operating system is reinstalled, the malware will stay on the device.

UEFI firmware, the successor of BIOS, is a critical component in the vast majority of hardware, because its code is responsible for booting up a device and launching the software component that loads the operating system.

If UEFI firmware is modified to contain malware, the malicious code will be launched before the operating system, making its activity potentially invisible to security solutions and to the operating system’s defences.

According to the researchers, this, and the fact that the firmware resides on a chip separate from the hard drive, makes attacks against UEFI firmware exceptionally evasive and persistent.

The rootkit was used to target private individuals and has so far been used in Vietnam, Iran, and Russia.

CosmicStrand seems to have been in use in the wild since the end of 2016, long before firmware attacks became public.

“This indicates that some threat actors have had very advanced capabilities that they’ve managed to keep under the radar since 2017. We are left to wonder what new tools they have created in the meantime that we have yet to discover,” said Ivan Kwiatkowski, senior security researcher at Global Research and Analysis Team (GReAT) at Kaspersky.

CosmicStrand is attributed to a previously unknown Chinese-speaking actor. And though the end goal being pursued by the attackers remains unknown, researchers observed that the victims were individual users as opposed to corporate computers.
