
SoylentNews is people

posted by takyon on Saturday December 29 2018, @11:40PM
from the secure-brick dept.

LEIPZIG, GERMANY – Researchers tracking the cyber-espionage group Sednit (an APT also known as Sofacy, Fancy Bear and APT28) say they have found the first known instance of a rootkit targeting the Unified Extensible Firmware Interface (UEFI) firmware of Windows PCs being used in successful in-the-wild attacks (UEFI is platform firmware and is not specific to Windows; the victim machines happened to run Windows).

The finding was presented at the 35C3 conference in a session by Frédéric Vachon, a malware researcher at ESET, who had published a technical write-up of it earlier in the fall (PDF). Vachon said that a rootkit targeting a system's UEFI is significant because the malware lives in the SPI flash chip on the motherboard rather than on any disk, which gives it both persistence and stealth.

"UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level," he said.

The rootkit is named LoJax, a nod to the code it is built from: a modified version of Absolute Software's LoJack anti-theft agent for laptops. The legitimate LoJack exists so that the owner of a stolen laptop can track it down without tipping off the thief: a small module in the system's UEFI firmware re-installs the agent into the operating system on every boot, and the agent quietly beacons the machine's whereabouts back so that the laptop can be physically recovered.

Because that module lives in the firmware flash rather than on disk, it runs at every boot, before the operating system loads and before any antivirus software starts, and it keeps operating even if the operating system is reinstalled or the hard drive is replaced. LoJax inherits exactly those properties, which is why it matters: removing it means reflashing the firmware with a clean image, and the practical defences are keeping platform firmware current and confirming that the firmware's SPI flash write protection is enabled, so that code running under the OS cannot rewrite the flash in the first place.
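One check a practitioner would want after reading the above is a golden-image comparison of the SPI flash: dump the firmware (with a tool such as chipsec or flashrom, or a hardware programmer on the flash chip), then compare the dump against a known-good image from the vendor or from a trusted machine and list the executable modules that differ. The Python below is an added example, not ESET's or Absolute's code: it walks the PE/COFF headers in a raw dump directly, since UEFI DXE drivers are PE images, and reports modules present in the suspect dump but absent from the golden one. The two 64 KiB sample dumps it runs on without arguments are constructed inside the file.

```python
"""Golden-image check of a SPI flash dump (added example, not ESET's or Absolute's code).

Enumerates the PE/COFF images in two raw firmware dumps, a known-good one and a
suspect one, and reports modules that were added or removed. UEFI DXE drivers are
PE images, so a module the vendor image does not contain is the thing to look for.
The two dumps used when run without arguments are constructed below.
"""
import hashlib
import struct
import sys


def pe_size(image: bytes, off: int) -> int:
    """Size of the PE image at `off`: end of its headers or of its last raw
    section, whichever is larger. 0 if the headers run past the buffer."""
    try:
        (e_lfanew,) = struct.unpack_from("<I", image, off + 0x3C)
        coff = off + e_lfanew + 4                       # COFF header follows 'PE\0\0'
        (n_sections,) = struct.unpack_from("<H", image, coff + 2)
        (opt_size,) = struct.unpack_from("<H", image, coff + 16)
        sect = coff + 20 + opt_size                     # first section header
        end = sect + 40 * n_sections - off              # headers only, so far
        for i in range(n_sections):                     # SizeOfRawData, PointerToRawData
            raw_size, raw_ptr = struct.unpack_from("<II", image, sect + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
        return end
    except struct.error:
        return 0


def find_pe_images(image: bytes):
    """Yield (offset, blob) for every PE image in the dump: 'MZ' at the start and
    'PE\\0\\0' at the offset held in the e_lfanew field (0x3C)."""
    pos = 0
    while True:
        pos = image.find(b"MZ", pos)
        if pos < 0 or pos + 0x40 > len(image):
            return
        (e_lfanew,) = struct.unpack_from("<I", image, pos + 0x3C)
        sig = pos + e_lfanew
        size = 0
        if 0x40 <= e_lfanew <= 0x400 and image[sig:sig + 4] == b"PE\0\0":
            size = pe_size(image, pos)
        if size:
            yield pos, bytes(image[pos:pos + size])
            pos += size
        else:
            pos += 2


def compare(golden: bytes, suspect: bytes) -> dict:
    """Modules only in the suspect dump are candidate implants; modules only in
    the golden dump were overwritten or removed. Keyed by sha256 of the module."""
    g = {hashlib.sha256(b).hexdigest(): off for off, b in find_pe_images(golden)}
    s = {hashlib.sha256(b).hexdigest(): off for off, b in find_pe_images(suspect)}
    return {
        "added": sorted((s[h], h) for h in s.keys() - g.keys()),
        "removed": sorted((g[h], h) for h in g.keys() - s.keys()),
        "unchanged": len(g.keys() & s.keys()),
    }


def fake_pe(body: bytes) -> bytes:
    """Minimal PE/COFF image (MZ stub, 'PE\\0\\0', COFF header, one section):
    a constructed stand-in for a DXE driver, not a real one."""
    hdr_end = 0x40 + 4 + 20 + 40                         # 128 bytes of headers
    mz = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2022)  # x64, 1 section, no optional header
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(body), 0, len(body), hdr_end, 0, 0, 0, 0, 0x60000020)
    return mz + b"PE\0\0" + coff + sect + body


def build_sample_images():
    """Constructed 64 KiB dumps. Erased NOR flash reads 0xFF; the golden image holds
    two modules, the suspect one the same two plus a third written into free space."""
    golden = bytearray(b"\xff" * 0x10000)
    for off, body in ((0x1000, b"A" * 600), (0x3000, b"B" * 900)):
        mod = fake_pe(body)
        golden[off:off + len(mod)] = mod
    suspect = bytearray(golden)
    implant = fake_pe(b"\xcc" * 700)
    suspect[0x8000:0x8000 + len(implant)] = implant
    return bytes(golden), bytes(suspect)


if __name__ == "__main__":                               # usage: script.py golden.bin suspect.bin
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            golden, suspect = f.read(), g.read()
    else:
        golden, suspect = build_sample_images()
    report = compare(golden, suspect)
    for off, digest in report["added"]:
        print(f"ADDED   module at 0x{off:06x} sha256={digest}")
    for off, digest in report["removed"]:
        print(f"REMOVED module at 0x{off:06x} sha256={digest}")
    print(f"{report['unchanged']} module(s) unchanged")
```

Two caveats for real dumps. First, many vendors store DXE drivers inside compressed FFS sections, which a flat scan for PE headers will not see; a tool such as UEFITool extracts the firmware volumes first, and the comparison is then run over the extracted modules. Second, an unchanged module set does not prove a clean firmware, since an implant can also live in non-PE data (NVRAM, padding, or a patched existing driver), so a whole-image hash against the vendor's release is the stronger check when the build is reproducible.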


  • (Score: 1, Offtopic) by edIII on Saturday December 29 2018, @11:51PM (6 children)

    by edIII (791) on Saturday December 29 2018, @11:51PM (#779851)

    So this is high level security research provided to the public on a Wordpress platform? Really?

    Hard to take ESET security seriously at all at this point. What I want to know more than this particular piece of research is how ESET security hardened its Wordpress instance.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 1, Interesting) by Anonymous Coward on Sunday December 30 2018, @12:18AM (1 child)

    by Anonymous Coward on Sunday December 30 2018, @12:18AM (#779857)

    I'm more worried about "the Windows Unified Extensible Firmware Interface", which I've never heard of. How does that differ from the regular UEFI?

    • (Score: 4, Informative) by RS3 on Sunday December 30 2018, @02:30AM

      by RS3 (6367) on Sunday December 30 2018, @02:30AM (#779879)

      It's more easily hacked.

  • (Score: 4, Insightful) by c0lo on Sunday December 30 2018, @12:44AM (1 child)

    by c0lo (156) on Sunday December 30 2018, @12:44AM (#779862)

    So this is high level security research provided to the public on a Wordpress platform? Really?

    You know? Paper is a very poor choice as a support for strong cryptography - multiplying with 2048-bit+ numbers and bit shuffling and all that.
    Guess what? Books and scientific papers and work to derive theorems on cryptography have been using and will continue to use paper.

    Hard to take ESET security seriously at all at this point.

    I find it much harder to take seriously your... ummm... non-sequiturous comment - "publishing something on security must be done on a secure platform or else...".

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 1, Funny) by Anonymous Coward on Sunday December 30 2018, @06:05AM

      by Anonymous Coward on Sunday December 30 2018, @06:05AM (#779909)

      You know? Paper is a very poor choice as a support for strong cryptography - multiplying with 2048-bit+ numbers and bit shuffling and all that.

      Burn the paper, multiply & shuffle the ashes. Problem solved.

  • (Score: 3, Informative) by rigrig on Sunday December 30 2018, @05:56AM

    by rigrig (5129) <soylentnews@tubul.net> on Sunday December 30 2018, @05:56AM (#779906)

    high level security research provided to the public on a Wordpress platform? Really?

    Yes, thinking about security means you think about the trade-off between convenience and security.

    --
    No one remembers the singer.
  • (Score: 0) by Anonymous Coward on Sunday December 30 2018, @07:28AM

    by Anonymous Coward on Sunday December 30 2018, @07:28AM (#779919)

    Hey now, my real estate agent uses a WordPress based site for their entire enterprise including financial information. It can't be that bad.