Key Takeaways
- Cov kws tshawb fawb kev nyab xeeb tau tshawb pom ib qho malware tshwj xeeb uas kis tau lub cim xeeb flash ntawm lub motherboard.
- Tus malware yog qhov nyuaj rau tshem tawm, thiab cov kws tshawb fawb tseem tsis tau nkag siab tias nws nkag mus rau hauv lub khoos phis tawj thawj zaug li cas.
-
Bootkit malware yuav txuas ntxiv mus, ceeb toom cov kws tshawb fawb.
Kev tua kab mob hauv lub computer siv qee yam ua raws li nws yog. Ib qho malware tshiab ua rau txoj haujlwm tseem ceeb dua vim tias cov kws tshawb fawb txog kev nyab xeeb tau pom tias nws nkag mus rau hauv nws tus kheej tob rau hauv lub computer uas koj yuav tau chuck lub motherboard kom tshem tawm nws.
Dubbed MoonBounce los ntawm kev ruaj ntseg sleuths ntawm Kaspersky uas pom nws, cov malware, technically hu ua bootkit, hla dhau lub hard disk thiab burrows nws tus kheej hauv lub computer Unified Extensible Firmware Interface (UEFI) khau raj firmware.
"Kev tawm tsam yog qhov nyuaj heev," Tomer Bar, Tus Thawj Coj ntawm Kev Tshawb Fawb Kev Ruaj Ntseg ntawm SafeBreach, hais rau Lifewire dhau email. "Thaum tus neeg raug tsim txom tau kis tus kab mob, nws mob heev vim tias txawm tias lub hard drive hom yuav tsis pab."
Novel Threat
Bootkit malware tsis tshua muaj, tab sis tsis yog tshiab kiag li, nrog Kaspersky nws tus kheej tau pom ob qho tib si hauv ob peb xyoos dhau los. Txawm li cas los xij, dab tsi ua rau MoonBounce tshwj xeeb yog tias nws kis tau lub cim xeeb flash nyob ntawm lub motherboard, ua rau nws tsis muaj kev tiv thaiv software thiab tag nrho lwm yam txhais tau tias tshem tawm malware.
Qhov tseeb, Kaspersky cov kws tshawb fawb tau sau tseg tias cov neeg siv tuaj yeem rov nruab qhov kev ua haujlwm thiab hloov lub hard drive, tab sis lub bootkit yuav nyob twj ywm hauv lub khoos phis tawj muaj kab mob mus txog thaum cov neeg siv rov ua cov kab mob flash nco, uas lawv piav qhia. raws li "tus txheej txheem nyuaj heev," lossis hloov lub motherboard nkaus xwb.
Dab tsi ua rau malware txaus ntshai dua, Bar ntxiv, yog tias malware tsis muaj ntaub ntawv, uas txhais tau tias nws tsis tso siab rau cov ntaub ntawv uas cov kev pab cuam tiv thaiv kab mob tuaj yeem chij thiab tsis muaj qhov pom tseeb hneev taw ntawm lub khoos phis tawj muaj kab mob, ua rau nws heev. nyuaj taug qab.
Raws li lawv qhov kev tshuaj xyuas ntawm malware, Kaspersky cov kws tshawb fawb tau sau tseg tias MoonBounce yog thawj kauj ruam hauv kev tawm tsam ntau theem. Cov neeg ua phem tsis zoo tom qab MoonBounce siv cov malware los tsim qhov foothold rau hauv tus neeg raug tsim txom lub computer, uas lawv xav tau tom qab ntawd tuaj yeem siv los xa cov kev hem thawj ntxiv los nyiag cov ntaub ntawv lossis xa ransomware.
Txoj kev cawm seej, txawm li cas los xij, yog tias cov kws tshawb fawb tau pom tsuas yog ib qho piv txwv ntawm malware txog tam sim no. "Txawm li cas los xij, nws yog ib qho kev sib tw heev ntawm cov cai, uas yog hais txog; yog tias tsis muaj dab tsi ntxiv, nws tshaj tawm qhov yuav tshwm sim ntawm lwm yam, malware siab heev yav tom ntej," Tim Helming, tus kws tshaj lij kev ruaj ntseg nrog DomainTools, ceeb toom Lifewire dhau email.
Therese Schachner, Cyber Security Consultant ntawm VPNBrains pom zoo. "Vim MoonBounce yog qhov tshwj xeeb tshaj plaws, nws muaj peev xwm hais tias muaj qhov xwm txheej ntxiv ntawm MoonBounce tawm tsam uas tseem tsis tau pom."
Inoculate Your Computer
Cov kws tshawb fawb tau sau tseg tias cov malware tau kuaj pom tsuas yog vim tias cov neeg tawm tsam tau ua yuam kev ntawm kev siv tib cov kev sib txuas lus servers (tsim lub npe hu ua cov lus txib thiab tswj cov servers) raws li lwm tus paub malware.
Txawm li cas los xij, Helming tau hais ntxiv tias txij li nws tsis pom meej tias qhov pib kis tau li cas, nws tsis yooj yim sua kom muab cov lus qhia tshwj xeeb yuav ua li cas kom tsis txhob kis tus kabmob. Ua raws li kev lees paub kev ruaj ntseg zoo tshaj plaws yog qhov pib zoo, txawm li cas los xij.
"Txawm hais tias malware nws tus kheej nce siab, kev coj cwj pwm tseem ceeb uas cov neeg siv nruab nrab yuav tsum zam kom tiv thaiv lawv tus kheej tsis tau hloov pauv tiag tiag. Tsis txhob nyem rau ntawm qhov txuas tsis txaus ntseeg tseem yog lub tswv yim zoo, "Tim Erlin, VP ntawm lub tswv yim ntawm Tripwire, tau hais rau Lifewire dhau email.
… nws muaj peev xwm hais tias muaj cov xwm txheej ntxiv ntawm MoonBounce tawm tsam uas tseem tsis tau pom.
Ntxiv rau cov lus qhia ntawd, Stephen Gates, Tus Kws Tshaj Lij Saib Xyuas Kev Ruaj Ntseg ntawm Checkmarx, hais rau Lifewire hla email tias tus neeg siv nruab nrab desktop yuav tsum mus dhau cov cuab yeej tiv thaiv kab mob ib txwm muaj, uas tsis tuaj yeem tiv thaiv tsis muaj kev tawm tsam, xws li MoonBounce.
"Nrhiav cov cuab yeej uas tuaj yeem siv cov ntawv tswj hwm thiab kev tiv thaiv kev nco, thiab sim siv cov ntawv thov los ntawm cov koom haum uas ua haujlwm ruaj ntseg, niaj hnub siv txoj kev txhim kho, los ntawm hauv qab ntawm pawg mus rau sab saum toj, " Gates tau hais.
Bar, ntawm qhov tod tes, tawm tswv yim txog kev siv thev naus laus zis, xws li SecureBoot thiab TPM, txhawm rau txheeb xyuas qhov tseeb tias khau raj firmware tsis tau hloov kho raws li cov txheej txheem kev txo qis tiv thaiv bootkit malware.
Schachner, ntawm cov kab zoo sib xws, tau hais tias txhim kho UEFI firmware hloov tshiab raws li lawv tau tso tawm yuav pab cov neeg siv suav nrog kev txhim kho kev ruaj ntseg uas tiv thaiv lawv lub khoos phis tawj zoo dua tiv thaiv kev hem thawj tshwm sim xws li MoonBounce.
Tsis tas li ntawd, nws kuj tau pom zoo siv cov kev ruaj ntseg platform uas suav nrog firmware hem kev hem thawj. "Cov kev daws teeb meem kev nyab xeeb no tso cai rau cov neeg siv paub txog qhov muaj peev xwm firmware hem kom sai li sai tau kom lawv tuaj yeem daws tau raws sijhawm ua ntej kev hem thawj nce ntxiv."
