Trickbot, the notorious botnet and banking Trojan, has a new trick up its sleeve.
According to new research by Eclypsium and Advanced Intelligence, the malware now “makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to read, write or erase the UEFI/BIOS firmware of a device.” A threat actor leveraging this capability could use it to attack weaknesses in the booting process to install backdoors, firmware implants or even brick targeted devices.
Eclypsium and Advanced Intelligence researchers say the findings represent an “important advance” in Trickbot’s ever-evolving toolset, which is often used by other threat groups to gain an initial foothold in a targeted network before launching further attacks. The malware-delivering botnet has long tentacles – researchers have observed hundreds of thousands of newly infected devices over the past two months, peaking at 40,000 hijackings in a single day – and this new capability takes direct aim at vulnerabilities in the booting process, which is often overlooked within the cybersecurity ecosystem.