New ‘Black Lotus’ UEFI Rootkit Provides APT-Level Capabilities to Cybercriminals
By Orbit Brain, October 17, 2022, Cyber Security News (Home › Virus & Threats)
By Ionut Arghire on October 17, 2022

A threat actor is selling on underground criminal forums a vendor-independent UEFI rootkit that can disable security software and controls, cybersecurity veteran Scott Scheferman warns.

Dubbed ‘Black Lotus’, the Windows rootkit is a powerful, persistent tool being offered for sale at $5,000, with $200 payments per new version, and features capabilities resembling those employed by state-sponsored threat actors.

Written in Assembly and C, Black Lotus is 80 kilobytes in size and features geofencing to avoid infecting countries in the CIS region.

According to Scheferman, the threat packs evasion capabilities such as anti-virtualization, anti-debugging, and code obfuscation, and can disable security applications and defense mechanisms on target machines, including Hypervisor-protected Code Integrity (HVCI), BitLocker, and Windows Defender.

By loading its code before the boot process completes, the rootkit runs before the Windows kernel and its security controls are initialized. From that position it can bypass User Account Control (UAC) and Secure Boot, load unsigned drivers, and persist undetected in the UEFI firmware of the target machine, supposedly indefinitely.

Black Lotus, Scheferman says, offers a full set of capabilities to attackers, including file transfer and tasking support, and could potentially become a major threat across IT and OT environments.

“Considering this tradecraft was relegated to APTs like the Russian GRU and APT 41 (China nexus), and considering prior criminal discoveries we have made (e.g. Trickbot’s #Trickboot module), this represents a bit of a ‘leap’ forward, in terms of ease of use, scalability, accessibility and most importantly, the potential for far more impact in the forms of persistence, evasion and/or destruction,” Scheferman says.

According to Scheferman, the fact that Black Lotus can supposedly target a broad range of device types might suggest that its developers are exploiting an undocumented bootloader vulnerability affecting many vendors.

Kaspersky too got wind of Black Lotus, pointing out that the rootkit’s advanced capabilities were previously typical of nation-state malware but are now increasingly accessible to cybercriminals.

Related: Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards
Related: Avast: New Linux Rootkit and Backdoor Align Perfectly
Related: Sophisticated iLOBleed Rootkit Targets HP Servers
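A quick way to see whether the controls the article says Black Lotus disables or bypasses (Secure Boot, HVCI, BitLocker, Defender real-time protection, driver signing) are actually active on a given host. This is an added example written for this page; it is not code from the article, from Scheferman, or from Kaspersky, and it says nothing about whether Black Lotus is present. It assumes Windows 10/11 booted under UEFI, an elevated PowerShell session, and the standard SecureBoot, Defender and BitLocker modules; the function name Get-BootSecurityPosture and the list of expected controls are this example's own choices.

```powershell
# Added example, not from the original article. Reports the state of the
# Windows controls Black Lotus is reported to disable or bypass.
# Assumes: Windows 10/11 on UEFI firmware, elevated session, built-in modules.

function Get-BootSecurityPosture {
    $result = [ordered]@{}

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS/CSM systems,
    # so a failure is recorded as "not enforced" rather than aborting.
    try {
        $result.SecureBoot = [bool](Confirm-SecureBootUEFI)
    } catch {
        $result.SecureBoot = $false
    }

    # HVCI / VBS: SecurityServicesRunning contains 2 when Hypervisor-protected
    # Code Integrity is active; VirtualizationBasedSecurityStatus 2 means VBS is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $result.VbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $result.HvciRunning = ($dg.SecurityServicesRunning -contains 2)

    # Windows Defender real-time protection.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $result.DefenderRealTime = [bool]$mp.RealTimeProtectionEnabled

    # BitLocker protection on the OS volume.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $result.BitLockerOsVolume = ($os.ProtectionStatus -eq 'On')

    # Unsigned drivers currently installed: a loaded unsigned driver is exactly
    # what the article says becomes possible once Secure Boot is bypassed.
    $unsigned = Get-CimInstance -ClassName Win32_PnPSignedDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.IsSigned -eq $false -and $_.DriverProviderName }
    $result.UnsignedDrivers = @($unsigned | Select-Object -ExpandProperty DeviceName -Unique)

    [pscustomobject]$result
}

$posture = Get-BootSecurityPosture
$posture | Format-List

# Flag anything that should be on but is not, plus any unsigned driver.
$expected = 'SecureBoot', 'VbsRunning', 'HvciRunning', 'DefenderRealTime', 'BitLockerOsVolume'
$weak = @($expected | Where-Object { -not $posture.$_ })
if ($weak.Count -gt 0 -or $posture.UnsignedDrivers.Count -gt 0) {
    Write-Warning ("Controls not active: {0}; unsigned drivers installed: {1}" -f `
        ($weak -join ', '), $posture.UnsignedDrivers.Count)
}
```

One caveat a practitioner should keep in mind: every value above is answered by the running OS. Firmware-resident code that executes before the kernel, which is precisely the position the article attributes to Black Lotus, can feed these queries false answers, so a clean result is necessary but not sufficient. Corroborate with measured-boot/TPM attestation logs or an offline comparison of the firmware image against a known-good copy rather than relying on in-band checks alone.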