The scope and extensiveness of malware risks for computing devices is more pronounced than ever before, and that’s pretty much the story from one month to the next these days. At a recent security conference in Las Vegas, the Eclypsium security research team announced they had dug up some serious security flaws in at least 40 device drivers from 20 different vendors. These vulnerabilities could increase the likelihood of devices being infected by malware.
While this type of development in itself is nothing out of the ordinary, what makes it noteworthy is the sheer number of different drivers that may be affected. Here at 4GoodHosting, we’re like any other reputable Canadian web hosting provider in that we strive to make our customers aware of risks to their digital security when they arise. When one is as potentially far reaching as this one, we’re almost always going to make some sort of announcement regarding it.
The research team’s report is stating that this malware targets system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component. By doing so what the attackers have done is take the same tools used to manage a system and then turn them into powerful threats that can escalate quickly on the host.
Once the driver is infected it then provides the attacker with optimized access for means of launching malicious actions within all versions of Windows, and Windows Kernel most notably.
Do note that all these affected drivers are ones certified by Microsoft:
- American Megatrends International (AMI)
- ASUSTeK Computer
- ATI Technologies (AMD)
- Micro-Star International (MSI)
- Phoenix Technologies
- Realtek Semiconductor
All of this is related to a specific design flaw in Windows device drivers. They have a functionality that can be taken advantage of to perform a read/write of sensitive resources without being restricted by Microsoft. Some are suggesting that bad coding practices are to blame for this, and while that can’t be substantiated it is true that there is a more pressing need for better ones these days and older work can be suspect.
At present, the understanding is that Microsoft will be using its HVCI (Hypervisor-enforced Code Integrity) capability to create a blacklist of drivers that are reported to them. The only problem there is that the HVCI feature is only available with 7th gen Intel CPUs along with newer processors only. The situation for older operating systems would be the need for manual installation, and this would also be true for newer ones where HVCI can’t be enabled.
Microsoft is now recommending that its users work with Windows Defender Application Control or turn on memory integrity for supported devices in Windows Security. This should block malware in software and drivers.
The Motivation for Developing Malware
Many people ask what exactly is in it for these malware developers to spend as much time as they do creating this infections and releasing them onto the world. Not sure there’s a clear answer to that, but it’s a good question. After all, people will assume that there’s nothing really to be gained by creating malware other than perhaps an individual sense of deranged satisfaction in messing with people and businesses.
This would be an incorrect assumption, however. The truth is that these people go to the effort to make malware because there’s money in it. For example, a botnet; a network of thousands – or even hundreds of thousands – of computers belonging to everyday people that have been infected with software that usually work to send out LOTS of spam.
Once a botnet network is established then it can be rented by individuals and organizations who want to send out spam promoting whatever it is they want promoted. Botnet owners make money, and same goes for keyloggers – they capture usernames and passwords and sell this information to whoever would like it and for whatever purpose.
These are just 2 examples of many. Long story short, the reason there’s people working to make malware is because – strangely enough – it’s profitable in one way or another.