Quote:The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others.
The Windows Unified Extensible Firmware Interface (UEFI) is a specification that governs the operation of low-level platform firmware, including the loading of the operating system itself. It can also be used when the OS is already up and running, for example in order to update the firmware. BIOS meanwhile is firmware used to perform hardware initialization during the booting process, and to provide runtime services for operating systems and programs.
According to collaborative research from Advanced Intelligence (AdvIntel) and Eclypsium, the additional TrickBot functionality, which they call “TrickBoot,” checks devices for known vulnerabilities that can allow attackers to read, write or erase the UEFI/BIOS firmware of a device.
This offers a number of advantages: Embedding malicious code in the booting mechanism ensures that it runs first, before any other functions. This “bootkit” functionality thus allows an attacker to control how the operating system is booted or even directly modify the OS to gain complete control over a system and subvert higher-layer security controls.
“This activity sets the stage for TrickBot operators to perform more active measures such as the installation of firmware implants and backdoors or the destruction (bricking) of a targeted device,” researchers explained, in a posting on Thursday, adding that such bricking is difficult to remedy. “It is quite possible that threat actors are already exploiting these vulnerabilities against high-value targets.”
Read more: https://threatpost.com/trickbot-returns-...ns/161873/
![[-]](https://www.geeks.fyi/images/collapse.png)
