Ransomware’s Next Nasty Surprise: Pay Up Or We’ll Brick Your PC’s UEFI Firmware


Two months ago, researchers at US security company AdvIntel discovered that one of the Internet’s most troublesome malware platforms, Trickbot, had started testing something rather ominous: probing UEFI firmware chips inside targeted PCs to see whether they were vulnerable to known firmware vulnerabilities.

This was only reconnaissance: Trickbot wasn’t infecting the SPI flash chip on which UEFI firmware resides, but the discovery is significant. UEFI (Unified Extensible Firmware Interface) is the low-level software that has been used to manage the boot process on personal computers, including Windows PCs and Macs, since the old-style BIOS started disappearing a decade ago. Anything capable of compromising a computer at this layer would be powerful in fundamental ways, including being invisible to all mainstream security software.

What, then, were Trickbot’s devs up to? After researching the discovery with research partner Eclypsium, the companies recently published an analysis of what they nicknamed TrickBoot, which suggests the answer might be connected to a new and imminent type of ransomware attack.

Today, ransomware is feared for either encrypting data in return for a ransom, threatening to release data in return for a ransom (double extortion), or an unholy mixture of the two. More rarely, it has been known to carry out destructive attacks by overwriting hard drives, an approach tried in 2017 by NotPetya variants against Windows machines. This has never caught on with commercial malware, mainly because it achieves little in a ransom context: defenders simply replace or reinstate drives.

Malware able to write to or erase UEFI firmware would be a new ball game. Getting those PCs back up and running would require engineers to visit every PC and probably replace the whole motherboard. Unleashed against possibly thousands of machines, or even a few important ones, such a tactic could quickly reduce most organizations to chaos. Even cleaning machines with any certainty would be a huge task.

Pwn goal

The possibility of targeting the UEFI layer has been common knowledge since Kaspersky Lab discovered serious flaws in the design of the legitimate Computrace/LoJack for Laptops ‘good rootkit’ mobile tracing product in 2014. All went quiet until 2018 when Arbor Networks chanced upon trojanized versions of the LoJack agent, later dubbed LoJax.

Sure enough, three months later, Slovakian sleuths ESET turned up the first example where this had been used to write to UEFI SPI chips in a real attack, delivered as a fake update during a targeted intrusion. This was attributed to Russian threat group APT28 (STRONTIUM, Sofacy and Fancy Bear), coincidentally a cousin of the APT29 group blamed for the recent spectacular SolarWinds compromise of US Government agencies.

This October, a second UEFI compromise, MosaicRegressor (which uses Hacking Team’s old VectorEDK UEFI code), was discovered by Kaspersky Lab, this time attributed to China or North Korea. As with the ESET attack, this was highly targeted, and had been in use for months or even years without being discovered, part of the shadowy hinterland of nation state espionage.

Despite only carrying out reconnaissance, the Trickbot UEFI module uncovered by AdvIntel and Eclypsium is arguably more serious than any of these because it shows that the same idea has now migrated to mass-market malware. It’s a change that deserves urgent attention, says Eclypsium’s CEO, Yuriy Bulygin.

“In general, infecting UEFI is not complicated. Developing a scalable implant for UEFI is not that difficult,” he confirms. Why, then, are UEFI attacks not more common? “The reality is that nobody is looking. There are no sensors or detection mechanisms. This module doesn’t do infection, but it has all of the functionality for infection if the system is vulnerable, or to brick the system.”

According to colleague and principal cyber strategist Scott Scheferman, Trickbot was designed like a jack of all trades, looking for any and every job malware might need to add to its business model. UEFI is simply a new and lucrative possibility to that end.

“They understand that if they can brick a device, they can command much higher leverage. Conversely, if you have persistence and you’re selling access-as-a-service, you have additional margin because that persistence is now at the firmware level and the odds of getting discovered from ring zero and up is zero.”

Currently nobody is looking at firmware level during post-forensics, he says, a point that rams home how invisible this kind of attack would be to victims unaware of their vulnerability. For cybercriminals, it’s as if they’ve discovered the perfect backdoor that can’t easily be closed or patched.
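The gap Scheferman and Bulygin describe is that firmware is rarely baselined or re-checked after an incident. The following is an added example, not code from the article or from Eclypsium or AdvIntel, of the simplest form such a check can take: compare a known-good SPI flash dump captured at deployment against a dump taken later, at erase-block granularity, and separate changes in regions that legitimately vary across boots (the UEFI variable store) from changes in boot code, which should only ever change through a vendor update. It assumes you already have two same-sized dumps (obtained with a vendor tool or a hardware programmer); the region layout and the sample images are constructed for the demonstration and do not correspond to any real platform.

```python
import hashlib
from dataclasses import dataclass

# Granularity of comparison; SPI flash erase blocks are commonly 4 KiB.
BLOCK_SIZE = 4096

# Constructed layout for a toy 64 KiB image (assumption). On real hardware the
# layout comes from the flash descriptor and firmware volume headers of the
# specific platform and must be recorded with the baseline.
REGIONS = {
    "descriptor": (0x0000, 0x1000),
    "nvram":      (0x1000, 0x4000),   # variable store: changes legitimately across boots
    "bios_code":  (0x4000, 0x10000),  # boot code: must not change without a vendor update
}
VOLATILE_REGIONS = {"nvram"}


@dataclass
class Change:
    offset: int      # start of the changed run, in bytes
    length: int      # length of the run, a multiple of BLOCK_SIZE
    region: str      # region the run starts in
    expected: bool   # True if the region is allowed to vary between dumps


def region_of(offset):
    """Name the region that contains a byte offset, or 'unknown'."""
    for name, (start, end) in REGIONS.items():
        if start <= offset < end:
            return name
    return "unknown"


def block_hashes(image, block_size=BLOCK_SIZE):
    """SHA-256 of each block so dumps can be diffed without keeping both resident."""
    return [hashlib.sha256(image[i:i + block_size]).hexdigest()
            for i in range(0, len(image), block_size)]


def compare_images(baseline, current, block_size=BLOCK_SIZE):
    """Return the runs of blocks that differ between two same-sized dumps.

    Adjacent changed blocks in the same region are merged into one Change.
    A size mismatch is an error, not a diff: it usually means the dump was
    taken from a different part or with a different tool than the baseline.
    """
    if len(baseline) != len(current):
        raise ValueError(f"image size mismatch: {len(baseline)} vs {len(current)}")
    changes = []
    run = None
    pairs = zip(block_hashes(baseline, block_size), block_hashes(current, block_size))
    for idx, (h_base, h_cur) in enumerate(pairs):
        off = idx * block_size
        if h_base == h_cur:
            if run:
                changes.append(run)
                run = None
            continue
        name = region_of(off)
        if run and run.region == name and run.offset + run.length == off:
            run.length += block_size
        else:
            if run:
                changes.append(run)
            run = Change(off, block_size, name, name in VOLATILE_REGIONS)
    if run:
        changes.append(run)
    return changes


def verdict(changes):
    """ALERT if anything outside a volatile region changed, otherwise OK."""
    return "ALERT" if any(not c.expected for c in changes) else "OK"


def build_samples():
    """Constructed sample dumps (not real firmware): a patterned baseline and a
    copy with one expected NVRAM change and one unexpected code change."""
    baseline = bytes((i * 7 + 3) & 0xFF for i in range(0x10000))
    current = bytearray(baseline)
    current[0x2100:0x2110] = b"\xAA" * 16   # boot-counter style variable update
    current[0x9000:0x9040] = b"\x90" * 64   # modified boot code: the case to catch
    return baseline, bytes(current)


if __name__ == "__main__":
    base, cur = build_samples()
    found = compare_images(base, cur)
    for c in found:
        flag = "expected" if c.expected else "UNEXPECTED"
        print(f"0x{c.offset:06x} +0x{c.length:x} {c.region:10s} {flag}")
    print(verdict(found))
```

The comparison deliberately works on whole erase blocks rather than individual bytes: a flash programmer rewrites at that granularity, and block-level hashes are cheap to keep in an inventory for every machine. The volatile-region allowlist is the part that needs care in practice; if it is drawn too wide it hides exactly the changes this check exists to find.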

“Very few systems have any capability to restore corrupted UEFI,” adds Bulygin. “For example, if you take servers, their typical mechanism of recovering from corrupted firmware such as UEFI is to use the baseboard management controller. But that runs its own firmware, and that has plenty of remotely exploitable vulnerabilities.”

As chance would have it, the discovery of this new Trickbot capability coincided with the huge October takedown of much of its infrastructure by Microsoft, so it’s possible the crime group behind it has had other things on its mind than hammering companies with UEFI-wiping malware. Still, it seems highly unlikely this spells the end of Trickbot. But even if that were to happen, other groups will surely take up where its coders left off.

Some manufacturers make UEFI with baked-in security, say Eclypsium’s researchers, but many others don’t. Even secure updating and authentication checks aren’t standard, which will one day seem like an incredible oversight. Even assessing the level of vulnerability across a billion PCs will be a challenge, let alone figuring out mitigation or defense.

The irony: Trickbot’s ability to understand UEFI firmware vulnerability is currently better than any of the victims it might target.

“As an industry we have come to the point where it’s time to get ahead of this problem because recovering millions of systems infected by Trickbot is going to cost us,” says Bulygin.
