Dubbed “LoJax,” the malware is the first case of an adversary leveraging the Unified Extensible Firmware Interface (UEFI) boot system in an attack. And based on the way the malware was spread, it is highly likely that it was authored by the Sednit/Fancy Bear/APT 28 threat group, the Russian state-sponsored operation tied by US intelligence and law enforcement to the cyber-attack on the Democratic National Committee.
There have been a number of security concerns about UEFI’s potential as a hiding place for rootkits and other malware, including those raised by Dick Wilkins and Jim Mortensen of firmware developer Phoenix Technologies in a presentation at UEFI Plugfest last year. “Firmware is software and is therefore vulnerable to the same threats that typically target software,” they explained. UEFI is essentially a lightweight operating system in its own right, making it a handy place to put rootkits for those who can manage it.