ESSGroupThreat Report: Under the Cloak of UEFI Secure Boot – Introducing CVE-2024-7344

Threat Report: Under the Cloak of UEFI Secure Boot – Introducing CVE-2024-7344

Threat Overview

Researchers at ESET have uncovered a critical vulnerability in the Universal Extended Firmware Interface (UEFI) Secure Boot system that could allow attackers to bypass security measures on most systems worldwide. The threat report, published on January 16th, 2025, details the discovery of CVE-2024-7344.

Vulnerability Overview

The UEFI Secure Boot system is designed to ensure that firmware and subsequent software are authenticated before they’re allowed control over a computer’s critical processes. However, ESET discovered a vulnerability that allows attackers to bypass these security measures.

Confidence Level and Reliability

The report has a high confidence level of 100 and is considered completely reliable (Reliability: A). Furthermore, the revocation status is false, indicating no issues with the report’s validity or credibility.

External References

* https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/

Recommendations

In light of this discovery, the following recommendations are made to improve security posture:

* System Updates: Ensure that all systems are running the latest software and firmware updates to mitigate potential vulnerabilities.

* Whitelisting: Implement whitelisting solutions to ensure only trusted software can run during boot-up.

* Regular Vulnerability Assessments: Conduct regular assessments of your UEFI Secure Boot implementations to identify any potential weaknesses or misconfigurations.

* Heightened Awareness: Increase awareness of this threat among IT staff and educate them on how to spot and respond to suspicious activities.

Related

Discover more from ESSGroup

Subscribe to get the latest posts sent to your email.

17 Jan 2025

Comment 0

Categoty:
CTI News

Cyber Security

Threat

Azure Active Directory

Malware

Vulnerability

Email Security

Threat actors (ATP)

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

News & Blog

Related Blog

09 January

Threat Report: Formbook Phishing Campaign with Old Payloads

Threat Overview

A recent phishing campaign has been observed delivering Formbook stealers through email attachments, as reported by AlienVault on January 7th, 2025. This report provides an analysis of the attack and recommendations for mitigation.

The malware employs multiple stages and steganography to hide malicious files inside images. The infection chain involves three stages before the final payload: Purchase Order.exe, Arthur.dll, and Montero.dll.

Attack Details

The attack begins with a spear-phishing email containing a purchase order and a zip file attachment. Once executed, the malware uses various evasion techniques such as process hollowing, mutex creation, adding itself to exclusion paths, creating scheduled tasks for persistence, downloading additional payloads, or receiving commands from the threat actor’s C2 server.

The final payload is a highly obfuscated 32-bit MASM compiled binary.

Threat Actor Group

The short description of the actor group behind this campaign is not provided in the report.

Threat Level and Reliability

The confidence level for this threat is rated as 100, and the reliability of the report is verified. The revoke status is false.

Recommendations

Based on the threat report, several recommendations can be made:

* Educate users to Spot Phishing Emails: Train employees to recognize phishing emails and avoid opening suspicious attachments.

* Implement Email Filtering Solutions: Use advanced email filtering techniques to block malicious emails before they reach user inboxes.

* Keep Systems Updated: Regularly update software packages to protect against known vulnerabilities exploited by malware.

* Monitor for Suspicious Activity: Use threat intelligence platforms and security monitoring tools to detect anomalies and potential infections in your network.

Connected Elements\

There are 30 connected elements present in the report.

External References

Additional information about this campaign can be found at:

* Seqrite Blog: https://www.seqrite.com/blog/formbook-phishing-campaign-analysis/

Related

20 January

Threat Report: MintsLoader – StealC & BOINC Delivery

Threat Overview

The eSentire Threat Response Unit has identified a sophisticated malware campaign involving MintsLoader, a PowerShell-based malware loader, targeting organizations in the US and Europe. This report provides insights into the tactics, techniques, procedures (TTPs), and recommendations to mitigate this ongoing threat.

Threat Actor Group:

Unknown at this time.

Report Summary:

The MintsLoader campaign delivers payloads such as Stealc (an information stealer) and BOINC client using a Domain Generation Algorithm (DGA) and anti-VM techniques to evade detection. The infection process begins with a spam email containing a malicious link that downloads a JScript file, ultimately executing PowerShell commands to retrieve and launch the malware stages. StealC targets sensitive data from browsers, applications, and crypto-wallets.

Industries Affected:

electricity, Oil & Gas, Legal Services.

Confidence Level: High (100)

Reliability of the Report:

Usually reliable

Threat TTPs:

Spam emails with malicious links
JScript file downloads
PowerShell commands for malware retrieval and execution
DGA and anti-VM techniques
Information stealing

External References:

https://www.esentire.com/blog/mintsloader-stealc-and-boinc-delivery

https://otx.alienvault.com/pulse/678e2ed0691dbaf790bf355c

Recommendations:

Email Filtering: Implement robust email filtering to block suspicious emails and attachments.
Employee Training: Train employees to recognize phishing attempts and avoid clicking on unknown links or downloading unknown files.
Endpoint Security: Enhance endpoint security solutions and keep them up-to-date to better detect and block malicious files.
PowerShell Script Block Logging: Enable PowerShell script block logging to monitor and detect suspicious commands.
Regular Patch Management: Ensure timely patch management to protect against known vulnerabilities exploited by malware like MintsLoader.

Related

13 October

5 Easy Steps To Optimize System Security In 2024

As cyber threats evolve, ensuring robust system security has become more critical than ever. Whether you’re managing personal data or running a nonprofit organization, taking proactive steps to secure your systems is essential. Here are five easy steps to enhance your system security in 2024

Regular Software Updates Keeping your operating system and all software applications up to date is crucial for maintaining security. Software developers frequently release updates to patch vulnerabilities that could be exploited by cybercriminals. Set up automatic updates whenever possible to ensure you're always protected against the latest threats .
Implement Strong Password Policies Utilize complex passwords that combine letters, numbers, and special characters. Consider adopting a password manager to help generate and store unique passwords for each account. Additionally, enable two-factor authentication (2FA) wherever possible to add an extra layer of security .
Conduct Regular Security Audits Perform periodic security audits to identify vulnerabilities within your system. These audits can help you understand your current security posture and uncover any weaknesses. Engaging a third-party security expert can provide additional insights and recommendations for improvement .
Educate Employees on Security Awareness Human error is a leading cause of security breaches. Conduct regular training sessions to educate employees about phishing scams, social engineering attacks, and best practices for online security. Creating a culture of cybersecurity awareness can significantly reduce the risk of accidental breaches .
Use Multi-Layered Security Solutions Implement a multi-layered security approach that includes firewalls, antivirus software, and intrusion detection systems. By utilizing a combination of tools, you can create a more robust defense against various cyber threats. Regularly review and update your security solutions to adapt to the changing threat landscape .

By following these steps, you can significantly enhance your system security in 2024.

Related

Empowering communities through knowledge, collaboration, and open dialogue. Join us in making a difference!

Programs

Usefull Links

Contact