Mainboard attack: UEFI malware remains a threat


UEFI malware remains a threat to home and business. Hackers have infiltrated the firmware on motherboards with innovative attack methods. ESET technologies protect against the latest malware.

With the malware Lojax, the Unified Extensible Firmware Interface (UEFI) was on everyone's lips in autumn 2018. ESET researchers had found out that hackers can infiltrate the firmware on mainboards with new attack methods and use this to spy on the systems. The hardware and software supply chains are increasingly being targeted by cyber criminals. UEFI malware is used here again and again. It is therefore important to rely on security solutions that also protect the interface between hardware and software. ESET has done pioneering work here and was the first security provider worldwide to integrate a UEFI scanner into its products.

UEFI scanner protects against attacks

“In view of the increasing number of attacks on the hardware and software supply chain, no component should be viewed as trustworthy. This applies above all to the hardware used locally. UEFI is interesting to cyber criminals for several reasons. It offers the possibility of reading and manipulating hardware information during operation,” explains Thomas Uhlemann, ESET Security Specialist. “Since UEFI is started and read out before the operating system starts, it is possible to implement resistant malware here that can even survive a hard drive replacement. In addition, UEFIs are rarely or never updated. Even with gaps in the code for which patches exist, it is almost unlikely that these will be closed by an update.”

UEFI rootkits: an immense threat

UEFI rootkits are a hacker's dream and a nightmare for all users. Although they caused much discussion, there was no evidence that they were used in attacks for a long time - until the ESET experts discovered Lojax in 2018. Up until this point, attacks with UEFI rootkits were considered feasible, but not particularly realistic. But since 2018 at the latest, there has been no doubt that UEFI rootkits have been used by hackers, and with success: Over a billion Windows computers worldwide were affected by Lojax.

On the safe side with a special scanner

The UEFI scanner has detected infections in the UEFI BIOS (Image: ESET).

Hardly any security solution extends its protection technologies down to the firmware level of a mainboard. Rather, their job is to analyze only hard drives and storage. The European IT security manufacturer ESET uses a special tool, the UEFI scanner, to reliably examine the security status at this level as well. This is an ESET module that is solely responsible for reading the contents of the motherboard's firmware and making it available for investigation. This technology enables the actual analysis engine to thoroughly check the integrity of the pre-boot environment. Whether ESET NOD32 Antivirus, ESET Internet Security or ESET Smart Security Premium, the UEFI scanner is an integral part of all ESET security solutions.

By using the UEFI scanner, ESET security solutions are able to identify suspicious or harmful elements in the firmware and notify the user. Users can choose to scan regularly or as needed. Suspicious elements in the firmware are marked as "Potentially Unsafe Applications" because applications at this level can affect the entire system. This can be legitimate software that the user knows about, or malicious code that has entered the system without the user's knowledge.

What is UEFI?

The Unified Extensible Firmware Interface (UEFI) is the firmware of the mainboard and thus an important part of the interface between hardware and software of a computer, especially when booting. UEFI replaced the predecessor BIOS (Basic Input / Output System) and can communicate better with modern hardware. The major advantages include, on the one hand, the significantly faster system booting speed, and, on the other hand, the support of hard disks with larger capacities.



About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.


 
