Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124


In 2012, a new kind of bootkit was introduced. Instead of targeting the system through the BIOS or master boot record, one such bootkit attacked Mac OS X systems by infecting EFI, a firmware package that started the boot process. A second was the earliest bootkit targeting Windows 8 systems that boot using UEFI. Around 2013, a researcher introduced an advanced UEFI bootkit for Windows called Dreamboot.
The first known case of a real-world UEFI attack came in 2018 with the discovery of malware known as LoJax. LoJax, a replica of the legitimate anti-theft software known as LoJack, was created by a Kremlin-backed hacking group that goes by names including Sednit, Fancy Bear, and APT 28. The malware was installed remotely using malicious tools that can read and write parts of the UEFI firmware's flash memory.
In 2020, researchers discovered a second known case of real-world malware attacking UEFI. Every time an infected device reboots, its UEFI checks whether the malicious file is present in the Windows startup folder and, if not, installs it. Researchers from Kaspersky, the security provider that discovered the malware, called it “MosaicRegressor.” Researchers still don’t know how the compromised UEFIs got infected. Since then, new UEFI bootkits have appeared. They are tracked under names including ESpecter, FinSpy, and MoonBounce.
In response to the threats, Microsoft worked with hardware manufacturers to create Secure Boot, an industry standard that uses cryptographic signatures to ensure that any software run at boot is trusted by the computer manufacturer. Secure Boot is designed to create a chain of trust that prevents attackers from replacing the intended firmware with malicious firmware. If one of the links in the boot chain is not recognized, Secure Boot prevents the device from booting.
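A defender's check for the Secure Boot state described above, as an added example that is not part of the original article: it reads the standard UEFI `SecureBoot` and `SetupMode` variables through Linux efivarfs and reports whether signature checking is actually in force. The function names and verdict strings are assumptions made for illustration, and the efivarfs path assumes a Linux host.

```python
from pathlib import Path

# GUID of the UEFI global variable namespace that holds SecureBoot and SetupMode.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar_byte(raw: bytes) -> int:
    """Return the one-byte value of an efivarfs entry.

    efivarfs prefixes every variable with 4 bytes of attribute flags,
    so the data of a one-byte variable sits at offset 4.
    """
    if len(raw) < 5:
        raise ValueError("efivarfs entry too short to hold a value")
    return raw[4]


def read_flag(name: str, root: Path = EFIVARS):
    """Read a one-byte global UEFI variable, or None if it does not exist."""
    path = root / f"{name}-{EFI_GLOBAL_GUID}"
    try:
        return parse_efivar_byte(path.read_bytes())
    except FileNotFoundError:
        return None  # legacy BIOS boot, or firmware without this variable


def secure_boot_verdict(secure_boot, setup_mode) -> str:
    """Map the two firmware flags to a verdict (hypothetical labels)."""
    if secure_boot is None:
        return "unsupported"
    if setup_mode == 1:
        # Setup mode: no Platform Key enrolled, so signatures are not enforced.
        return "setup-mode"
    return "enforcing" if secure_boot == 1 else "disabled"


def audit(root: Path = EFIVARS) -> str:
    """Report the Secure Boot state of the host whose efivarfs is at root."""
    return secure_boot_verdict(read_flag("SecureBoot", root),
                               read_flag("SetupMode", root))


if __name__ == "__main__":
    print(audit())
```

Any verdict other than `enforcing` means the chain of trust is not being checked at boot on that machine.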