
August 2020 Firmware Threat Report


This month the FBI warned that Russian hackers were deploying a Linux rootkit and an Iranian hacking group is attacking F5 networking devices. APT41 attacks continue to target networking gear. And an Atlantic Council report called out incidents in supply chains, noting that almost 20% of such attacks targeted firmware. Meanwhile, researchers at Eclypsium disclosed a serious vulnerability in Secure Boot, which has proved challenging for many organizations to mitigate.

Securing The Enterprise From Drovorub and BootHole

The NSA and the FBI recently reported that the Russian GRU is deploying Drovorub, a rootkit that infects Linux systems. Would you be able to detect something like this if your organization was targeted? Activating UEFI Secure Boot is an essential step in preventative mitigation, but the BootHole vulnerability can leave systems vulnerable to attack. Learn how Eclypsium can help you assess and protect your devices from this vulnerability, and detect advanced persistent threats such as Drovorub.

Mitigating Risk From APT41 Attacks Against Networking and Enterprise Infrastructure

This year a widespread series of attack campaigns attributed to the Chinese hacking group APT41 has targeted a variety of enterprise technologies including Cisco routers, Citrix Application Delivery Controllers, and Zoho IT Management. These attacks target high-impact components of an enterprise’s infrastructure that could cause significant damage if compromised, and yet are easily overlooked by overburdened security teams.

There’s A Hole In The Boot

On July 29th, Eclypsium researchers disclosed a vulnerability in the GRUB2 bootloader that opens up Windows and Linux devices using Secure Boot to attack. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. For the inside story on how our researchers found this vulnerability, and what it took for the industry to fix it, sign up for our webinar “Exploring the BootHole Vulnerability” on September 1st.

Since the disclosure, more than a dozen organizations have issued security advisories, including the NSA, which warned that “Monitoring for changes to firmware, firmware configuration, and boot components is recommended due to the amount of time that may be required to perform effective testing before all mitigations can be applied to all endpoints.” Eclypsium can assist with this monitoring, and with the complex, multi-step process involved in mitigating the BootHole vulnerability. The following resources are available to assist you:

Managing PC Firmware Health For Enterprise IT Cost Reduction

TAG Cyber’s Dr. Edward Amoroso proposes that establishing a program to systematically manage the firmware health of PCs could lead to extended replacement intervals and meaningful cost reductions. In this white paper he observes that explicit ongoing programs focused on device firmware health not only reduce cyber threats, but also extend the useful life of deployed PCs, and provides several examples. 

THREATS IN THE WILD

INDUSTRY NEWS

SECURITY ADVISORIES

SECURITY RESEARCH

BLACK HAT ROUND UP

DEFCON SAFE MODE ROUND UP

ADDITIONAL READING & LISTENING

UPCOMING

  • Webinar: Exploring the BootHole Vulnerability. Eclypsium’s Mickey Shkatov and Jesse Michael show you how the BootHole vulnerability works, share insights on the massive effort involved in addressing this vulnerability across the industry, and provide the latest advice on mitigating this threat.