Demo Video: Why UEFI Malware Is the Next Frontier of Endpoint Security
2023-12-14 02:0:0 Author: securityboulevard.com(查看原文) 阅读量:10 收藏

Two of the most common misunderstandings that we encounter when discussing how Eclypsium can help protect client PCs is that 1) an EDR solution can protect against all types of malware, and 2) built-in Windows security features are sufficient to protect against low-level attacks. 

Neither of these things are true in the case of malware such as the BlackLotus that the NSA issued a warning about in June 2023. Read the NSA BlackLotus Mitigation Guide for the full details, but the gist is that attacks such as BlackLotus are difficult to protect against because they target the earliest phase of software boot to take control of an endpoint. The NSA points out that even fully patched systems are still vulnerable due to the delicate nature of updating the Secure Boot Deny List Database (DBX). 

As EDR products improve, attackers are targeting lower-level mechanisms to evade detection. In the demonstration video below, we show how malware similar to BlackLotus can take control over an up-to-date Windows system while evading EDR and bypassing Windows security features such as Secure Boot and BitLocker. 

Eclypsium is expert in understanding and developing defenses against this type of attack, including the BlackLotus malware. Examples of our previous research include:

The post Demo Video: Why UEFI Malware Is the Next Frontier of Endpoint Security appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

*** This is a Security Bloggers Network syndicated blog from Eclypsium | Supply Chain Security for the Modern Enterprise authored by Chris Garland. Read the original post at: https://eclypsium.com/blog/demo-video-why-uefi-malware-is-the-next-frontier-of-endpoint-security/


文章来源: https://securityboulevard.com/2023/12/demo-video-why-uefi-malware-is-the-next-frontier-of-endpoint-security/
如有侵权请联系:admin#unsafe.sh