New Virus Poses Threat to Computer Firmware

By Allyson Versprille

Computer security experts have identified an emerging virus, written by a group of cyber criminals known as the “Equation Group,” which has the ability to irreparably corrupt and disable firmware.

The complex malware, or malicious software, attacks the computer at the level of its basic input/output system (BIOS) and reprograms the computer's firmware with ineradicable malware, said David O’Berry, worldwide technical strategist for Intel Security, a division of the computer industry heavyweight. Once the code has been rewritten, it becomes undetectable by the system's security software, according to a May 16 report from McAfee Labs, which was acquired by Intel last year.

“These [attacks] are very troubling,” said O’Berry, “because they don’t go away.”

The discovery of the BIOS-level malware came on the heels of an explosion of ransomware, specialized software being used to digitally extort money. The virus is being used by cyber criminals to acquire control of, and encrypt, the content of a computer’s hard drive, said O’Berry.

The virus most often infects a computer through phishing emails or drive-by downloads such as pop-ups, O’Berry said. It attaches itself to a specific file in order to encrypt information of value to the user. Then criminals send the user a ransom demand in exchange for the key to unlock their files and information.  

Some police departments have been locked out of their file systems by ransomware, O’Berry said. “It’s like they kidnap your computer,” he said.

New technological developments have played a role in the recent onslaught of ransomware. Some of these trends include the creation of crypto-currencies such as bitcoin, which have allowed cyber criminals to engage in ransom transactions without using conventional methods for the transfer of money. The creation of the Tor Network, which allows users to access the so-called "deep web," allows cybercriminals to conceal their locations online, according to McAfee's quarterly threat report.

These recent assaults on the digital community have been spearheaded by a secretive organization called the Equation Group, identified by its affinity for complexly coded malware, said the report.

To avoid contracting a virus such as ransomware, O’Berry recommended staying up to date with the latest software and its accompanying patches, especially with digitally “ubiquitous” software such as Adobe Flash. A patch operates similarly to a product recall; however, it offers a solution to the specific problem present in the software, O’Berry said.

The onus falls on both the consumer and the producer to deal with and control the exploitation of vulnerabilities found within software such as Adobe, said O’Berry. The industry must identify and make available the patches for areas of software that can be exploited by cyber criminals, and the consumer must diligently update the software with necessary patches.

Adobe released 42 patches for its Flash Player in the first three months of 2015, said O’Berry. “Adobe is pervasive along the computing spectrum,” O’Berry said. “With that situation comes great responsibility.”

He doubted that the average user applies necessary patches to their software as often as he or she should. Consumers have become immune to the constant inundation of software updates and eventually leave themselves exposed, he added.

O’Berry believes the future of combatting harmful viruses like malware lies in a greater level of sharing among the software creation communities. That's what the criminals do. “That’s one thing the malware community does very well is share code,” O’Berry said.

Increased sharing of standards-based information would allow the software industry to stay a few steps ahead of the cyber criminals, he said.

Topics: Cyber, Cybersecurity
