Uncategorized

Kaspersky 2018 Threat Predictions: Sophisticated UEFI and BIOS attacks

Kaspersky Security Bulletin: Threat Predictions for 2018
Juan Andrés Guerrero-Saade, Costin Raiu, Kurt Baumgartner
[…]
Sophisticated UEFI and BIOS attacks.
The Unified Extensible Firmware Interface (UEFI) is a software interface which serves as the intermediary between the firmware and the operating system on modern PCs. Established in 2005 by an alliance of leading software and hardware developers, Intel most notable amongst them, it’s now quickly superseding the legacy BIOS standard. This was achieved thanks to a number of advanced features that BIOS lacks: for example, the ability to install and run executables, networking and Internet capabilities, cryptography, CPU-independent architecture and drivers, etc. The very advanced capabilities that make UEFI such an attractive platform also open the way to new vulnerabilities that didn’t exist in the age of the more rigid BIOS. For example, the ability to run custom executable modules makes it possible to create malware that would be launched by UEFI directly before any anti-malware solution – or, indeed, the OS itself – had a chance to start. The fact that commercial-grade UEFI malware exists has been known since 2015, when the Hacking team UEFI modules were discovered. With that in mind, it is perhaps surprising that no significant UEFI malware has been found, a fact that we attribute to the difficulty in detecting these in a reliable way. We estimate that in 2018 we will see the discovery of more UEFI-based malware.[…]

https://securelist.com/ksb-threat-predictions-for-2018/83169/
https://cdn.securelist.com/files/2017/11/KSB_Predictions_2018_eng.pdf
https://www.kaspersky.com/blog/cyberthreats-in-2018-forecasts-financial/20144/

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s