It was ~2 weeks ago when Costin Raiu wrote an article on “Where are all the ‘A’s in APT?”. In this article, Costin focused on what is regarded as sophisticated in observed APT attacks, as well as what sophisticated attacks detected in the future will look like:
- “Virtualization / hypervisor malware – we haven’t seen any in-the-wild attacks leveraging this.
- SMM malware – this is something yet to be seen in real-world attacks.
- UEFI malware – the hacking of HackingTeam revealed that a UEFI persistence module has been available since at least 2014, but we have yet to observe real-world UEFI malware.
- Hardware implants – although Joseph FitzPatrick and others have covered this subject in great detail, the number of real-world cases where hardware implants have been found is extremely low.
- Malware abusing or hiding in secure enclaves (SGX).
- Malware for Intel ME.”