Costin Raiu on future sophisticated attacks

About two weeks ago, Costin Raiu published an article titled “Where are all the ‘A’s in APT?”. In it he discussed what actually counts as sophisticated in the APT attacks observed so far, and what the next generation of detected sophisticated attacks is likely to look like:

  • “Virtualization / hypervisor malware – we haven’t seen any in-the-wild attacks leveraging this.
  • SMM malware – this is something yet to be seen in real-world attacks.
  • UEFI malware – the hacking of HackingTeam revealed that a UEFI persistence module has been available since at least 2014, but we have yet to observe real-world UEFI malware.
  • Hardware implants – although Joseph FitzPatrick and others have covered this subject in great detail, the number of real-world cases where hardware implants have been found is extremely low.
  • Malware abusing or hiding in secure enclaves (SGX).
  • Malware for Intel ME.”

Two weeks later, ESET has reported the first UEFI malware found in the wild, and Bloomberg has published its big story on hardware implants.
