ESET researchers discover LoJax, the first-ever UEFI rootkit detected in a cyberattack

10-02-2018 01:06 PM CET | IT, New Media & Software

Press release from: Vistar Communications

Juraj Malcho, Chief Technology Officer at ESET

ESET researchers discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers. Dubbed LoJax by ESET, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.

“Although, in theory, we were aware that UEFI rootkits existed, our discovery confirms they are used by an active APT group. So they are no longer just an attractive topic at conferences, but a real threat,” comments Jean-Ian Boutin, ESET senior security researcher who led the research into LoJax and Sednit’s campaign.

UEFI rootkits are extremely dangerous, formidable tools for launching cyberattacks. They serve as a key to the whole computer, are hard to detect, and are able to survive cybersecurity measures such as reinstallation of the operating system or even a hard disk replacement. Moreover, cleaning a system that was infected with a UEFI rootkit requires knowledge well beyond the reach of a typical user, such as flashing the firmware.

Sednit, also known as APT28, STRONTIUM, Sofacy or Fancy Bear, is one of the most active APT groups and has been operating since at least 2004. The Democratic National Committee hack that affected the 2016 US elections, the hacking of global television network TV5Monde, the World Anti-Doping Agency email leak, and many others are believed to be the work of Sednit.

This group has in its arsenal a diversified set of malware tools, several examples of which ESET researchers have documented in their white paper as well as in numerous blogposts on WeLiveSecurity.

The discovery of the first-ever in-the-wild UEFI rootkit serves as a wake-up call for users and their organizations who often ignore the risks connected with firmware modifications.

“Now there is no excuse for excluding firmware from regular scanning. Yes, UEFI-facilitated attacks are extremely rare, and up to now, they were mostly limited to physical tampering with the target computer. However, such an attack, should it succeed, would lead to the full control of a computer, with nearly total persistence,” comments Jean-Ian Boutin.

ESET is the only major provider of endpoint security solutions to add a dedicated layer of protection, ESET UEFI Scanner, designed to detect malicious components in a PC’s firmware.

“Thanks to the ESET UEFI Scanner, both our consumer and business customers are in a good position to spot such attacks and defend themselves against them,” concludes Juraj Malcho, Chief Technology Officer at ESET.

ESET’s analysis of the Sednit campaign that uses the first-ever in-the-wild UEFI rootkit is described in detail in the “LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group” white paper.

About ESET
For 30 years, ESET has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

3rd floor, Office no 305
Building 2, Dubai Internet City
Dubai, UAE

This release was published on openPR.
