Published: October 7, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
As if 2020 hasn’t annoyed and frustrated us all enough, leave it to some malware developers to give us all just a little bit of a kick in the technology pants. The security firm Kaspersky has found malware that not only messes with your computer, but also can thwart any efforts to get rid of it—including a complete Windows operating system reinstall!
First, it’s not clear how the malware was delivered or which specific PCs or operating system versions are vulnerable to it. What it aims to do, however, is spy on the user and retrieve documents from an infected system, potentially for espionage.
Once the malware is deployed, it installs a file called “IntelUpdate.exe” in the Startup folder of the system. The problem is that it exploits the UEFI (Unified Extensible Firmware Interface), the semi-permanent software (firmware) that resides on the computer and runs during the boot-up phase, before Windows loads. Even if the malicious file is found and deleted, the firmware component persists and reinstalls it...over and over and over. And while patches and fixes are released for software all the time, firmware isn’t updated nearly as often.
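The practical consequence of that paragraph is that deleting the file from the Startup folder proves nothing on its own; what matters is whether it comes back. The script below is an added example written for this article, not code from the article or from Kaspersky’s report. It inventories the Windows Startup folders for every profile on the machine, flags the file name the article mentions, records a hash and Authenticode status for each entry, and saves a baseline so a later run can show whether a removed file has reappeared. The suspect-name list, the output columns, and the baseline file location are this script’s own assumptions.

```powershell
# Added example, not from the article or Kaspersky's report.
# Inventory Startup folders, flag the file name named in the article,
# and keep a baseline so reappearance after deletion is visible.

$SuspectNames = @('IntelUpdate.exe')   # name taken from the article; extend as needed

# Current user's Startup folder plus the all-users Startup folder.
$StartupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
)

# Also cover every other profile on the machine, not just the account running this.
foreach ($userDir in (Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue)) {
    $StartupFolders += Join-Path $userDir.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
}

function Get-StartupFindings {
    # Returns one object per file found in any Startup folder.
    foreach ($folder in ($StartupFolders | Sort-Object -Unique)) {
        if (-not (Test-Path -Path $folder)) { continue }
        foreach ($file in (Get-ChildItem -Path $folder -File -Force -ErrorAction SilentlyContinue)) {
            $sig = Get-AuthenticodeSignature -FilePath $file.FullName
            [PSCustomObject]@{
                Path        = $file.FullName
                SHA256      = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
                Signature   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                Suspect     = ($SuspectNames -contains $file.Name)
                LastWritten = $file.LastWriteTimeUtc
            }
        }
    }
}

$findings = Get-StartupFindings
$findings | Format-Table -AutoSize

# Save a timestamped baseline (assumed location: the user's TEMP folder).
# If a flagged file is deleted and a later run shows it again with a new
# LastWritten time, something below the operating system is re-dropping it:
# treat the host as a firmware-persistence suspect and escalate instead of
# deleting the file yet again.
$baseline = Join-Path $env:TEMP ("startup-baseline-{0}.csv" -f (Get-Date -Format 'yyyyMMddHHmm'))
$findings | Export-Csv -Path $baseline -NoTypeInformation
Write-Host "Baseline written to $baseline"
```

Run it from an elevated PowerShell prompt so the other users’ profile folders are readable. A second run after a cleanup attempt, compared against the saved CSV, is the check that distinguishes an ordinary dropped file from one that the firmware keeps restoring; in the latter case the fix has to come from the machine vendor’s firmware update path, which the article notes is released far less often than software patches.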
This new malware technique is important to companies and private users alike because it means, “once it is out there, the functionality will now migrate to all malware, and soon even the basic malware will include this technology,” says Jim Stickley of Stickley on Security.
Phishing continues to be the top way malware makes its way onto computers and into networks. So always watch for phishing attempts, whether at home or in an office. Spam filters will stop some and antivirus software will catch some of it too, but nothing is foolproof. It takes being aware of the current threats, like this one, and stopping them in their tracks.
There is suspicion that Chinese-speaking hackers are behind this and are indeed using it for espionage. The researchers did mention the Chinese state-sponsored group Winnti, but had only low confidence that this was the group to blame.
Victims identified as targets include “diplomatic entities and NGOs in Africa, Asia, and Europe,” per Kaspersky. While the report did not specifically name the victim organizations, it did mention that all of them have some tie to North Korea. That does not mean that other organizations in other areas will not soon be targeted.