Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us


Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced.

The rootkit compromises the UEFI, the low-level and highly opaque chain of firmware required to boot nearly every modern computer. As the software that bridges a PC's device firmware with its operating system, the UEFI (short for Unified Extensible Firmware Interface) is effectively an OS in its own right. It resides in an SPI-connected flash chip soldered onto the motherboard, which makes the code difficult to inspect or patch. Because it is the first thing to run when a computer is turned on, it can influence the OS, security software, and everything else that loads after it, while itself sitting below the layer those tools can see.
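
Inspecting that flash chip is the only way to check whether its contents have been altered. The script below is an added example written for this article, not code from Ars Technica or Kaspersky: it locates UEFI firmware volumes in a raw SPI flash dump by their `_FVH` header, verifies each header's checksum, and compares the SHA-256 of every volume against a known-good image of the same board. The header layout is `EFI_FIRMWARE_VOLUME_HEADER` from the UEFI Platform Initialization specification; the two-volume image it operates on is constructed in-line so the code runs offline, and the "golden" image, payload strings and offsets are assumptions for the demonstration.

```python
"""Locate UEFI firmware volumes in an SPI flash dump and diff them against a
known-good image. Illustrative code for this article, not vendor tooling.
Header layout follows EFI_FIRMWARE_VOLUME_HEADER (UEFI PI spec); the sample
images below are constructed in-line so the script runs offline."""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"      # Signature field sits 40 bytes into the header
SIGNATURE_OFFSET = 40
FIXED_HEADER_LEN = 56       # header size before the variable-length block map
# Well-known firmware file system GUIDs that volumes normally carry.
FFS2 = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")
FFS3 = uuid.UUID("5473c07a-3dcb-4dca-bd6f-1e9689e7349a")
FFS_NAMES = {FFS2: "FFSv2", FFS3: "FFSv3"}


def checksum16(data: bytes) -> int:
    """Sum of little-endian 16-bit words mod 2^16; a valid header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    return sum(struct.unpack(f"<{len(data) // 2}H", data)) & 0xFFFF


def parse_fv_header(image: bytes, off: int):
    """Parse the volume header at `off`; return a dict, or None if malformed."""
    if off < 0 or off + FIXED_HEADER_LEN > len(image):
        return None
    # Skip the 16-byte ZeroVector, then: FileSystemGuid, FvLength, Signature,
    # Attributes, HeaderLength, Checksum, ExtHeaderOffset, Reserved, Revision.
    (fs_guid, fv_len, sig, _attrs, hdr_len, _cksum, _ext_off,
     _rsvd, rev) = struct.unpack_from("<16sQ4sIHHHBB", image, off + 16)
    if sig != FV_SIGNATURE or hdr_len < FIXED_HEADER_LEN or fv_len < hdr_len:
        return None
    if off + fv_len > len(image):
        return None
    # Walk the block map: (NumBlocks, Length) pairs terminated by (0, 0).
    blocks, pos = [], off + FIXED_HEADER_LEN
    while pos + 8 <= off + hdr_len:
        n, ln = struct.unpack_from("<II", image, pos)
        pos += 8
        if n == 0 and ln == 0:
            break
        blocks.append((n, ln))
    guid = uuid.UUID(bytes_le=fs_guid)
    return {
        "offset": off,
        "length": fv_len,
        "fs": FFS_NAMES.get(guid, str(guid)),
        "revision": rev,
        "blocks": blocks,
        "header_ok": checksum16(image[off:off + hdr_len]) == 0,
        "sha256": hashlib.sha256(image[off:off + fv_len]).hexdigest(),
    }


def find_volumes(image: bytes):
    """Scan for '_FVH' and return every volume whose header parses cleanly."""
    vols, pos = [], 0
    while (pos := image.find(FV_SIGNATURE, pos)) != -1:
        fv = parse_fv_header(image, pos - SIGNATURE_OFFSET)
        if fv:
            vols.append(fv)
            pos = fv["offset"] + fv["length"]   # jump past this volume
        else:
            pos += 1
    return vols


def diff_volumes(golden: bytes, suspect: bytes):
    """Pair volumes by flash offset and report which ones differ."""
    gold = {v["offset"]: v for v in find_volumes(golden)}
    susp = {v["offset"]: v for v in find_volumes(suspect)}
    report = []
    for off in sorted(set(gold) | set(susp)):
        g, s = gold.get(off), susp.get(off)
        if g is None or s is None:
            report.append((off, "missing" if s is None else "unexpected"))
        else:
            report.append((off, "modified" if g["sha256"] != s["sha256"] else "unchanged"))
    return report


def build_volume(payload: bytes, fs_guid: uuid.UUID, block_len: int = 0x1000) -> bytes:
    """Constructed test data: wrap `payload` in a valid, checksummed volume."""
    hdr_len = FIXED_HEADER_LEN + 16          # one block-map entry + terminator
    body_len = -(-(hdr_len + len(payload)) // block_len) * block_len
    head = bytes(16) + fs_guid.bytes_le + struct.pack(
        "<Q4sIHHHBB", body_len, FV_SIGNATURE, 0x0004FEFF, hdr_len, 0, 0, 0, 2)
    head += struct.pack("<IIII", body_len // block_len, block_len, 0, 0)
    fix = (-checksum16(head)) & 0xFFFF       # Checksum field is at byte 50
    head = head[:50] + struct.pack("<H", fix) + head[52:]
    return head + payload + b"\xff" * (body_len - hdr_len - len(payload))


# Constructed "known-good" dump: erased flash, a driver volume, erased gap, an NVRAM volume.
GOLDEN = (b"\xff" * 0x100 + build_volume(b"DXE drivers", FFS2)
          + b"\xff" * 0x80 + build_volume(b"NVRAM", FFS3))
# Suspect dump: one byte patched inside the first volume's driver payload,
# the kind of change a modified firmware driver leaves behind.
_patched = bytearray(GOLDEN)
_patched[0x100 + FIXED_HEADER_LEN + 16 + 4] ^= 0x01
SUSPECT = bytes(_patched)

if __name__ == "__main__":
    for v in find_volumes(SUSPECT):
        print(f"FV @0x{v['offset']:x} len=0x{v['length']:x} {v['fs']} "
              f"rev={v['revision']} header_ok={v['header_ok']}")
    for off, status in diff_volumes(GOLDEN, SUSPECT):
        print(f"0x{off:x}: {status}")
```

A volume whose hash matches the reference has not been tampered with; a "modified" volume is where to start carving out and disassembling individual drivers. The comparison is only as trustworthy as the dump: if the image was read through the operating system on a machine that is already compromised, code running in firmware is in a position to lie about the flash contents, so both dumps should be taken with an external SPI programmer, and the reference should come from vendor media rather than from another machine of unknown state.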

Exotic, yes. Rare, no.

On Monday, researchers from Kaspersky profiled CosmicStrand, the security firm’s name for a sophisticated UEFI rootkit that the company detected and obtained through its antivirus software. The find is among only a handful of such UEFI threats known to have been used in the wild. Until recently, researchers assumed that the technical demands required to develop UEFI malware of this caliber put it out of reach of most threat actors. Now, with Kaspersky attributing CosmicStrand to an unknown Chinese-speaking hacking group with possible ties to cryptominer malware, this type of malware may not be so rare after all.

Turns out they’re not all that rare. We just don’t know how to find them.
