MosaicRegressor UEFI malware defies deletion – Experts Perspective

This week, Kaspersky Labs published MosaicRegressor: Lurking in the Shadows of UEFIThe MosaicRegressor Malware Framework uses the Unified Extensible Firmware Interface — the software interface between an operating system and a platform’s firmware. It enables malware to be permanently installed on a device’s motherboard, such that neither rebooting, reinstallation of the operating system or replacement of the hard drive is effective. Experts with Gurucul and Point3 Security offer perspective.


EXPERTS COMMENTS
Chloé Messdaghi, VP of Strategy,  Point3 Security
October 09, 2020
This malware operates by getting into the system’s motherboard and it is reinstated every time the system is rebooted.
There’s been some speculation on who’s behind this particular malware but unless and until it’s confirmed by a US governmental agency, we cannot say that this malware constitutes a foreign government’s attack. There are four types of cyber attackers: individual attackers; groups and syndicates who together work towards profit, disinformation, or to obtain information but are not hired by a ....
[Read More >>]
Saryu Nayyar, CEO,  Gurucul
October 09, 2020
The Security Operations team should be able to identify and remediate even this sophisticated threat.
The ability to embed malware in the UEFI (Unified Extensible Firmware Interface) has existed for several years. While the technique is not used often, it gives malicious actors a powerful tool to maintain persistence on an infected host. The infection reported by Kaspersky Labs has all the earmarks of a state-sponsored actor, but that is not to say that criminal organizations won't leverage the ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article