
CYBER SECURITY | New malware can survive even a reinstalled OS and a wiped or replaced HDD/SSD

Slovakia-based IT security company ESET has confirmed the existence of a dangerous piece of malware, dubbed LoJax, that infects a targeted computer by rewriting its Unified Extensible Firmware Interface (UEFI) firmware, which lives in flash memory on the motherboard rather than on the disk. Because the implant sits in the firmware, it survives wiping or replacing the hard disk and reinstalling the operating system.

UEFI rootkits are extremely dangerous because they are hard to detect and survive the measures usually relied on to clean a machine, such as reinstalling the operating system or even replacing the hard disk. Cleaning a system infected with a UEFI rootkit also requires knowledge well beyond the reach of a typical user, such as reflashing the firmware with a known-good image.

Many experts had talked about UEFI rootkits as a theoretical attack, but ESET was able to detect the first publicly known attacks of this kind. They affected several high-profile targets in Central and Eastern Europe and were confirmed to be part of a campaign run by the infamous Sednit group.

Sednit, also known as APT28, STRONTIUM, Sofacy or Fancy Bear, is one of the most active Advanced Persistent Threat (APT) groups and has been operating since at least 2004. The Democratic National Committee hack that affected the 2016 US elections, the hacking of global television network TV5Monde, the World Anti-Doping Agency email leak, and many others are believed to be the work of Sednit.

“Although, in theory, we were aware that UEFI rootkits existed, our discovery confirms they are used by an active (APT) group,” said Jean-Ian Boutin, ESET senior security researcher who led the research into LoJax and Sednit’s campaign. “So they are no longer just an attractive topic at conferences, but a real threat.”

The discovery of the first in-the-wild UEFI rootkit is a wake-up call for users and organizations that often ignore the risks of firmware modification. Even though UEFI-based attacks are extremely rare, it should push IT security providers to include the firmware in regular scanning: if such an attack succeeds in taking over a computer’s firmware, it gives the attackers full control of the compromised machine with near-total persistence.
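As an added illustration of what “including the firmware in regular scanning” can mean in practice, the following Python is example code written for this page; it is not ESET’s tooling and not part of the original article. It walks a flash image, locates EFI firmware volumes by the `_FVH` signature and 16-bit header checksum defined in the UEFI Platform Initialization specification, hashes each volume, and reports which volumes differ from a dump taken from a known-clean state. Both flash dumps are constructed inline as test data; a real dump would come from an SPI flash programmer or the vendor’s own update tool, and the layout constants assume the standard firmware volume header.

```python
"""Baseline-compare UEFI firmware volumes from a flash dump (added example)."""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"
# Signature offset inside EFI_FIRMWARE_VOLUME_HEADER:
# ZeroVector[16] + FileSystemGuid[16] + FvLength[8].
SIG_OFFSET = 40
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
FFS3_GUID = uuid.UUID("5473c07a-3dcb-4dca-bd6f-1e9689e7349a")  # EFI_FIRMWARE_FILE_SYSTEM3_GUID


def header_checksum_ok(header: bytes) -> bool:
    """A firmware volume header is valid when its 16-bit LE words sum to 0 mod 2**16."""
    if len(header) % 2:
        return False
    words = struct.unpack("<%dH" % (len(header) // 2), header)
    return sum(words) & 0xFFFF == 0


def find_volumes(image: bytes):
    """Yield (offset, length, filesystem_guid) for every well-formed FV in the image."""
    pos = 0
    while True:
        sig = image.find(FV_SIGNATURE, pos)
        if sig < 0:
            return
        pos = sig + 1
        start = sig - SIG_OFFSET
        if start < 0 or start + 50 > len(image):
            continue
        # FvLength(u64) Signature(u32) Attributes(u32) HeaderLength(u16)
        fv_len, _sig, _attr, hdr_len = struct.unpack_from("<QIIH", image, start + 32)
        if hdr_len < 56 or start + hdr_len > len(image):
            continue
        if fv_len == 0 or start + fv_len > len(image):
            continue
        if not header_checksum_ok(image[start:start + hdr_len]):
            continue  # stray "_FVH" bytes, not a real volume header
        fs_guid = uuid.UUID(bytes_le=image[start + 16:start + 32])
        yield start, fv_len, fs_guid


def volume_hashes(image: bytes) -> dict:
    """Map each volume's offset to the SHA-256 of its full contents."""
    return {off: hashlib.sha256(image[off:off + length]).hexdigest()
            for off, length, _ in find_volumes(image)}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return offsets of volumes that are missing, added or changed versus the baseline."""
    b, c = volume_hashes(baseline), volume_hashes(current)
    return sorted(off for off in set(b) | set(c) if b.get(off) != c.get(off))


def build_volume(fs_guid: uuid.UUID, body: bytes) -> bytes:
    """Construct a well-formed firmware volume around `body` (test data only)."""
    hdr_len = 56 + 16                 # fixed header + one block-map entry + terminator
    fv_len = hdr_len + len(body)
    fixed = (b"\x00" * 16 + fs_guid.bytes_le
             + struct.pack("<QIIHHHBB", fv_len, 0x4856465F, 0x0004FEFF, hdr_len, 0, 0, 0, 2))
    block_map = struct.pack("<IIII", 1, fv_len, 0, 0)
    header = fixed + block_map
    csum = (-sum(struct.unpack("<36H", header))) & 0xFFFF
    return header[:50] + struct.pack("<H", csum) + header[52:] + body


# Constructed sample dumps: two volumes separated by 0xFF padding, as flash images are.
PAD = b"\xff" * 64
CLEAN_IMAGE = (PAD + build_volume(FFS2_GUID, b"PEI drivers " * 4)
               + PAD + build_volume(FFS3_GUID, b"DXE drivers " * 8) + PAD)
# Simulated implant: 12 bytes overwritten inside the second volume's body (offset 248 + 72).
_tampered = bytearray(CLEAN_IMAGE)
_tampered[320:332] = b"rootkit blob"
TAMPERED_IMAGE = bytes(_tampered)

if __name__ == "__main__":
    for off, length, guid in find_volumes(CLEAN_IMAGE):
        print("volume at 0x%06x len %d fs %s" % (off, length, guid))
    print("changed volumes:", compare_to_baseline(CLEAN_IMAGE, TAMPERED_IMAGE))
```

A valid header checksum says only that the volume is structurally intact, not that it is clean; the meaningful signal is the hash comparison against a baseline dump captured before the machine was exposed, which is exactly the step a disk-only antivirus scan never performs.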

by Ira James, contributing writer at TechSabado.com
