ESET researchers discover LoJax, the first-ever UEFI rootkit detected in a cyberattack
Source: Vistar Communications for ESET Middle East , Author: Posted by BI-ME staff
Posted: Tue October 2, 2018 1:00 pm

UAE. ESET researchers discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers. Dubbed LoJax by ESET, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.

“Although, in theory we were aware that UEFI rootkits existed, our discovery confirms they are used by an active APT group. So they are no longer just an attractive topic at conferences, but a real threat,” comments Jean-Ian Boutin, ESET senior security researcher who led the research into LoJax and Sednit’s campaign.

UEFI rootkits are extremely dangerous formidable tools for the launch of cyberattacks. They serve as a key to the whole computer, are hard to detect and able to survive cybersecurity measures such as reinstallation of the operating system or even a hard disk replacement.

Moreover, even cleaning a system that was infected with a UEFI rootkit requires knowledge well beyond the reach of a typical user, such as flashing the firmware.

Sednit, also known as APT28, STRONTIUM, Sofacy or Fancy Bear, is one of the most active APT groups and has been operating since at least 2004. Allegedly, the Democratic National Committee hack that affected the 2016 US elections, the hacking of global television network TV5Monde, the World Anti-Doping Agency email leak, and many others are believed to be the work of Sednit.

This group has in its arsenal a diversified set of malware tools, several examples of which ESET researchers have documented in their white paper as well as in numerous blogposts on WeLiveSecurity.

The discovery of the first-ever in-the-wild UEFI rootkit serves as a wake-up call for users and their organizations who often ignore the risks connected with firmware modifications.

“Now there is no excuse for excluding firmware from regular scanning. Yes, UEFI-facilitated attacks are extremely rare, and up to now, they were mostly limited to physical tampering with the target computer. However, such an attack, should it succeed, would lead to the full control of a computer, with nearly total persistence,” comments Jean-Ian Boutin.

ESET is the only major provider of endpoint security solutions to add a dedicated layer of protection, ESET UEFI Scanner, designed to detect malicious components in a PC’s firmware.

“Thanks to the ESET UEFI Scanner, both our consumer and business customers are in a good position to spot such attacks and defend themselves against them,” concludes Juraj Malcho, Chief Technology Officer at ESET.

ESET’s analysis of the Sednit campaign that uses the first-ever in-the-wild UEFI rootkit is described in the detail in the “LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group” white paper.

Photo Caption: Juraj Malcho, Chief Technology Officer at ESET

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology.

ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: October 19, 2018
UAE. Artificial Intelligence basically makes it possible for machines to learn from neuro experiences, adjust outputs and perform human-like tasks, it could be thought of as the simulation of human intelligence.
date:Posted: October 18, 2018
UAE. A study on the cost of residential real estate versus the GDP per capita in key city hubs globally reveals that Dubai offers one of the most attractive value propositions for investors.
date:Posted: October 17, 2018
UAE. GITEX - Day 3 highlights: AI is the next big opportunity for cities; Cognitive solutions that leverage AI algorithms to make decisions like a human brain; Saudi Accelerator Day gets underway at GITEX Future Stars; A stark warning to customer-focused industries in the tech age: evolve or die.
dhgate