June 2, 2023

[Information Security Daily] On March 2, malware BlackLotus bypassed UEFI Secure Boot, and ransomware LockBit locked Spanish-speaking users

Malicious bootkits targeting UEFI firmware had mostly been created by state-level hackers, until the end of last year, when someone began selling a program called BlackLotus on hacker forums. The researchers who revealed this at the time thought it was difficult to confirm how dangerous it was. Recently, however, an information security company obtained the malicious program for analysis and confirmed that it does have the attack capability advertised by the seller: even if the user enables the UEFI Secure Boot mechanism, the computer cannot be prevented from being infected by this malware.

To evade detection by security systems before encrypting files, ransomware hackers also adopt a strategy of using a variety of off-the-shelf, legitimate tools. A recent attack by the ransomware LockBit used this method, making it difficult for antivirus software and EDR systems to detect abnormalities.

Ewen Eagle

I am the founder of Urbantechstory, a technology-based blog where you find all kinds of trending technology, gaming news, and much more.
