The infamous TrickBot malware has a new module that is targeting firmware.
Eclypsium, working with Advanced Intelligence, disclosed the discovery of this new module, dubbed TrickBoot, in December. The new functionality performs reconnaissance on target devices, identifying the device platform, the status of BIOS write protections for the SPI flash, and well-known vulnerabilities that can allow attackers to read, write, or erase the UEFI/BIOS firmware.
With a simple, one-line code change, TrickBoot could be used by ransomware attackers to brick many of the devices that government agencies, defense contractors, and critical infrastructure providers rely on, or to hide undetected below the surface on trusted devices.
Register for this webinar to learn:
- Why firmware threats are so dangerous
- What systems are affected by TrickBoot
- What it takes to recover from an attack on firmware
- How to tell if your firmware has been compromised
- How you can protect your organization from a variety of firmware threats
About the Speaker, John Loucaides: |
John Loucaides is the VP of Research and Development at Eclypsium, the comprehensive cloud-based device security platform that protects enterprise devices all the way down to the firmware and hardware level. Headquartered in Portland, Oregon, the company was named to Fast Company’s annual list of the World’s Most innovative Security Companies for 2020, the CNBC Upstart 100 list, and Gartner's Cool Vendor list for Security Operations and Threat Intelligence.
John has an extensive history in hardware and firmware threats from experience at Intel Corporation and the United States government. At Intel, he served as the Director of Advanced Threat Research, Platform Armoring and Resiliency, PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government.