Enter the BlackLotus: Analysis of the Latest UEFI Bootkit

[correlate]

The world of cybercrime is constantly evolving, and one of the latest threats to emerge is the BlackLotus bootkit. This malware is the first known bootkit capable of bypassing Secure Boot on Microsoft Windows 11 systems, making it a dangerous threat in the cyber world. The malware has been sold on various hacker forums for $5,000, while upgrading to a new version only costs $200. The 80 kB-sized BlackLotus bootkit has been available on hacker forums since October 2022.
 

[correlate]

So can current top-notch AV/AM or endpoints like DI and Harmony prevent this?
While best-of-breed antivirus/anti-malware (AV/AM) solutions and advanced endpoint protection platforms such as Detection and Response (EDR) and Harmony can provide robust security measures, it is important to understand that the effectiveness of any security solution can vary depending on several factors, including the specific malware variant and its capabilities.

Given that the BlackLotus bootkit is designed to bypass Secure Boot on Windows 11 systems, it is possible that it could evade traditional security measures. However, reputable AV/AM solutions and advanced endpoint protection platforms often use proactive detection, behavioural analysis, machine learning and other sophisticated techniques to identify and block known and unknown threats.
 

HarborFront

While best-of-breed antivirus/anti-malware (AV/AM) solutions and advanced endpoint protection platforms such as Detection and Response (EDR) and Harmony can provide robust security measures, it is important to understand that the effectiveness of any security solution can vary depending on several factors, including the specific malware variant and its capabilities.

Given that the BlackLotus bootkit is designed to bypass Secure Boot on Windows 11 systems, it is possible that it could evade traditional security measures. However, reputable AV/AM solutions and advanced endpoint protection platforms often use proactive detection, behavioural analysis, machine learning and other sophisticated techniques to identify and block known and unknown threats.
Any AV/AM or endpoint blocked it? I can't find any such block report on the net
 

HarborFront

It depends on the specific settings that each EDR allows.
But have a look at the video

I was expecting Harmony, DI and top-notch AV/AM to block it when it was released and make a great announcement

Now that the sig is already available.........
 