US CISA Urges Improvements to Key Computer Component
Unified Extensible Firmware Interface Should Be More Secure, Says Agency
The U.S. federal government is urging computer manufacturers to improve the security of the firmware architecture that boots up devices, after a powerful bootkit spotted last year sparked heightened concerns over permanent malware infections.
The Cybersecurity and Infrastructure Security Agency issued a call to action Thursday for the standard developers behind the Unified Extensible Firmware Interface to improve patch distribution, coding and logging practices.
UEFI is an industry standard for hardware initialization when a computer powers up, published by the UEFI Forum. A spokesperson said the forum has no comment.
The call comes after the discovery of BlackLotus, a powerful bootkit sold in hacking forums for $5,000, which led the National Security Agency in June to warn Windows systems administrators about its threat.
BlackLotus bypasses Microsoft security features meant to prevent hackers from infecting the boot process that takes place before the Windows operating system assumes control. Once the malware has infected UEFI software, it can gain full control over the system. Boot loader infections are difficult to detect, and any computer infected with BlackLotus must be completely re-imaged and possibly discarded.
Microsoft has released multiple patches to stymie BlackLotus, but the NSA said patching is only a first step to hardening machines against the malware (see: NSA Issues Remediation Guidance for BlackLotus Malware).
“UEFI bootkits are very powerful…