CISA: Immediate action on UEFI cybersecurity needed

Organizations across the U.S. have been urged by the Cybersecurity and Infrastructure Security Agency to strengthen the defenses of their UEFI software amid increasing attacks as evidenced by the emergence of the BlackLotus bootkit malware, according to SecurityWeek. UEFI components should be audited, managed, and updated akin to any acquired software, while event logs pertaining to UEFI-related activities should be collected, studied, and responded to, said CISA. CISA has also encouraged the use of secure development environments and software development best practices among UEFI component developers, while calling for the universal adoption of reliable UEFI updates. "What attackers achieve depends on which phase and what element of UEFI they are able to subvert. But every attack involves some kind of persistence. As we evolve our responses to UEFI incidents and strengthen secure-by-design in the UEFI community, we should strive to create an environment where the threat from the adversary targeting UEFI is significantly reduced," CISA added.