ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012

ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kaspersky’s recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax. The days of UEFI (Unified Extensible Firmware Interface) living in the shadows of the legacy BIOS are gone for good. As a leading technology embedded into chips of modern computers and devices, it plays a crucial role in securing the pre-OS environment and loading the operating system. And it’s no surprise that such a widespread technology has also become a tempting target for threat actors in their search for ultimate persistence.