
October 2021 Firmware Threat Report

Eclypsium Threat Report October 2021 Firmware

Among the tricks and treats you had, emerges a new Below the Surface to make you glad. So keep on reading to hear what we think; feel free to relax and pour yourself a drink. (We like fernet personally.) Without further ado, all rhyming aside, we’ll now dive into the report and discuss where threat actors hide.

October was full of tricks and treats this year, and we’re not just talking about Halloween. Perhaps the spookiest thing we learned this month were the reports on FinSpy, but the real nightmares may come from the ESPecter UEFI bootkit: a backdoor that, according to the researchers who found it, has been quietly compromising Windows devices since at least 2012. Boo!

On this day in history: “Indestructible, badass rootkit BadBIOS: Is this tech world’s Loch Ness Monster?” Allegations of a stealthy firmware rootkit caused a stir after researcher Dragos Ruiu announced that his lab systems had been infected via USB stick and were communicating over multiple wireless protocols. While details and samples were thin, all of the claimed activity was plausible enough, and researchers have continued to discover firmware attacks (albeit less advanced than the BadBIOS claims) ever since.

“On May 25, 2021, ‘diego033’ posted on exploit[.]in seeking suppliers of various forms of network accesses, including Citrix, RDP, VPN, and bots.”