TrickBot malware has a new, and dangerous, trick: A recently identified module inspects target devices for firmware vulnerabilities that would let an attacker read, write, or erase the UEFI/BIOS firmware. With this level of access, an attacker could install a backdoor or "brick" an infected machine.
The malware was first identified in 2016 and initially considered a banking Trojan, used to steal financial data. Since then, it has evolved into a full-fledged operation and appears in different types of malware campaigns. TrickBot has been spotted working with Emotet to deliver Ryuk ransomware; it uses the EternalBlue exploit to spread across hosts in a target network via Server Message Block.
Now, it's attempting to infiltrate the lowest level of target devices by checking for firmware flaws, researchers with Eclypsium and Advanced Intelligence (AdvIntel) report. A module they found in October 2020 "marks a significant step in the evolution of TrickBot," a threat that has consistently incorporated new capabilities to become stealthier and more malicious over time.
In this module, TrickBot uses a driver from the RWEverything tool to interact with the SPI controller and check whether the BIOS control register is unlocked and whether the contents of the BIOS region can be changed. RWEverything (read-write everything), the researchers say, could let an attacker write to the firmware on "virtually any device component," including the SPI controller that holds the system firmware. This would let the attacker write code into the system firmware, ensuring the malicious code executes before the operating system during the boot process.
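The check described above comes down to a few register bits. As an added example (not code from the article, Eclypsium, or AdvIntel), the following Python decodes the Intel PCH BIOS_CNTL register and the SPI protected-range (PRx) registers from a defender's point of view, answering the question TrickBoot's module is asking: is the BIOS region of this host writable? The bit layout follows the classic Intel PCH datasheet definitions (BIOSWE, BLE, SMM_BWP in BIOS_CNTL; write-protect-enable, base and limit in each PRx), and every register value below is constructed. Reading the real registers requires kernel access, which is what tools such as chipsec's `bios_wp` module do.

```python
"""Decode Intel PCH BIOS write-protection state from BIOS_CNTL and SPI PRx values.

Added example, not from the article or the researchers it cites. Register bit
layouts follow the classic Intel PCH datasheet definitions (assumption: the
host uses this layout); all register values used here are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

# BIOS_CNTL bits (classic PCH layout)
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = BIOS region writable right now
BLE = 1 << 1       # BIOS Lock Enable: 1 = setting BIOSWE raises an SMI so firmware can undo it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: 1 = writes permitted only while in SMM
PR_WPE = 1 << 31   # PRx Write Protection Enable


@dataclass(frozen=True)
class ProtectedRange:
    enabled: bool
    base: int    # inclusive flash address
    limit: int   # inclusive flash address


def decode_pr(value: int) -> ProtectedRange:
    """PRx: bits 12:0 hold base >> 12, bits 28:16 hold limit >> 12 (4 KiB granularity)."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(bool(value & PR_WPE), base, limit)


def pr_covers(prs: List[int], region_base: int, region_limit: int) -> bool:
    """True if the union of enabled protected ranges covers the whole BIOS region."""
    ranges = sorted((r.base, r.limit) for r in map(decode_pr, prs) if r.enabled)
    pos = region_base                 # lowest address not yet shown to be protected
    for base, limit in ranges:
        if base > pos:
            break                     # gap below this range: pos stays unprotected
        if limit >= pos:
            pos = limit + 1
    return pos > region_limit


def assess(bios_cntl: int, prs: List[int], bios_base: int, bios_limit: int) -> Tuple[str, str]:
    """Classify the BIOS region as 'protected', 'weak' or 'unlocked' with a reason."""
    if pr_covers(prs, bios_base, bios_limit):
        return "protected", "SPI protected ranges cover the entire BIOS region"
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    if bioswe:
        return "unlocked", "BIOSWE is set: the BIOS region is writable from the OS"
    if ble and smm_bwp:
        return "protected", "BLE and SMM_BWP set: writes restricted to SMM"
    if ble:
        return "weak", "BLE set without SMM_BWP: chipsec reports this configuration as a warning"
    return "unlocked", "BLE clear: BIOSWE can be enabled freely (the state this module tests for)"


if __name__ == "__main__":
    # Constructed BIOS region bounds (in practice taken from the flash descriptor).
    BIOS_BASE, BIOS_LIMIT = 0x800000, 0xFFFFFF
    samples = {
        "locked-host":   (0xA2, []),            # BLE + SMM_BWP set
        "ble-only-host": (0x02, []),            # BLE set, SMM_BWP clear
        "open-host":     (0x00, []),            # nothing set
        "pr-host":       (0x00, [0x8FFF0800]),  # PR0 covers 0x800000-0xFFFFFF
    }
    for name, (cntl, prs) in samples.items():
        verdict, why = assess(cntl, prs, BIOS_BASE, BIOS_LIMIT)
        print(f"{name:14} {verdict:9} {why}")
```

The verdict ordering matters: protected ranges win regardless of BIOS_CNTL because they block writes independently, while BIOSWE set means the region is writable now even if BLE is also set. On real hardware the BIOS region bounds come from the flash descriptor, and the PRx offsets and BIOS_CNTL location vary by PCH generation, so treat the layout as something to confirm against the datasheet for the platform in question.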
The focus on UEFI in this so-called "TrickBoot" module indicates its operators are thinking beyond the operating system to target lower device layers that security tools often miss. Because firmware is stored on the motherboard and not in the system drives, UEFI-focused threats enable attackers to remain persistent after a system is reimaged or an infected hard drive is replaced.
"Once you've done that, you've escaped the rest of the entire security stack's ability to detect," says Scott Scheferman, principal cyber strategist at Eclypsium. "And you've gained persistence by doing that as well, that you can't eradicate or even detect in most organizations."
In a writeup, researchers discuss what an attacker could do with this level of access. TrickBot operators could brick any device they find vulnerable. UEFI persistence could enable them to disable most OS-level security controls, allowing them to resurface with no endpoint security. They could land on thousands of hosts per day and learn which are vulnerable to UEFI attacks.
There are several reasons why TrickBot is moving in this direction, the researchers believe. The malware has become a key area of focus among defenders and security researchers, notes Vitali Kremez, CEO and chairman at AdvIntel. Given this ubiquity, it's necessary for its operators to innovate so they can stay ahead of corporate antivirus and endpoint security products.
"We see maturity and professionalization of the space, where the criminal groups are professionals like us. … They run their business as a company," Kremez explains. "It's not the coding of the tool, the level of attention, the thought process behind a crime that makes it more interesting. It's the level of criminal intent — it's elevated, so to speak."
The capabilities seen in TrickBoot have been demonstrated by other attackers seeking persistence in firmware, researchers note. What makes this discovery dangerous is TrickBot's spread: Over the last two months, TrickBot infections have peaked at 40,000 in a single day. Further, attackers don't need device access or a complex technique to make it work.
"This isn't some esoteric, nation-state, spy-level thing," says Scheferman. "This is commodity, massive, wide-scale criminal malware that has everything it needs in tooling to know what vulnerability to hit, and hit it."
What Happens if TrickBoot Hits?
Recovering from an attack like this is more involved and expensive compared with traditional malware attacks, the researchers report. Corrupted UEFI firmware requires replacing or reflashing the motherboard, which is more labor-intensive than replacing the hard drive.
"A lot of times IT will have hot spares for drives and memory, and some of these replaceable components are more common to fail," says Jesse Michael, principal researcher at Eclypsium. "But replacing the server, or motherboard, or an entire laptop is a much heavier issue." IT may have a playbook for replacing a server that won't boot; it's less likely they're prepared to replace several servers at the same time.
The potential for this type of attack is especially concerning for operational environments, where uptime is the top priority, Scheferman says. A TrickBoot attack could not be remediated with their existing incident response playbooks and could cause "devastating downtime," he adds.
While its capabilities have potential to be "a significant development," defenders should be cautious when attempting to determine the attacker's intent without further evidence, says Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.
"Threat actor capability does not always translate into real-world actions, but network defenders should assess their capabilities to detect UEFI modifications and what the implications of such attacks have on incident response and recovery," she explains.
There are steps businesses can take to prepare before an incident strikes. Scheferman advises first understanding which portions of an environment are vulnerable to this type of attack. Gain visibility: learn which devices, at the firmware level, have the weaknesses this module is looking for.
"One thing to keep in mind is that a lot of enterprises don't have visibility into firmware," says Michael. "Making sure firmware updates are also part of their management process and IT process, making sure that component is also updated, is a key point of their enterprise process that they need to be aware of."
While many admins prioritize patches pushed via Windows Update or Linux package updates, firmware patches may fall by the wayside when a vendor releases them. Firmware updates are also generally harder to apply to systems, he adds, a further challenge for businesses that learn they need them.
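Turning the advice in the last few paragraphs (gain firmware visibility, track firmware versions, be able to detect UEFI modifications) into something runnable, the following Python is an added example, not code from the article or its sources. It checks a fleet inventory against a baseline of approved firmware versions and known-good flash-image hashes, and reports hosts that are invisible, outdated, or whose flash contents differ from the vendor image for the version they claim to run. The host records, vendor and model names, and "known-good images" are all constructed; in practice the version comes from the SMBIOS tables (dmidecode on Linux, `Win32_BIOS` on Windows) and the hash from an SPI flash dump made with a tool such as flashrom or chipsec.

```python
"""Firmware inventory check: compare per-host UEFI/BIOS data against a known-good baseline.

Added example, not from the article or the researchers it quotes. Vendor names,
models, images and host records below are constructed stand-ins.
"""
import hashlib
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.12.0' into (1, 12, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.strip().split("."))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for vendor-released BIOS region images, keyed by (vendor, model, version).
_GOOD_IMAGES: Dict[Tuple[str, str, str], bytes] = {
    ("ExampleVendor", "Model-A", "1.11.2"): b"constructed Model-A firmware 1.11.2",
    ("ExampleVendor", "Model-A", "1.12.0"): b"constructed Model-A firmware 1.12.0",
    ("ExampleVendor", "Model-B", "2.3.0"): b"constructed Model-B firmware 2.3.0",
}

# Baseline per (vendor, model): latest approved version plus a known-good hash per version.
BASELINE: Dict[Tuple[str, str], Dict] = {}
for (_vendor, _model, _version), _image in _GOOD_IMAGES.items():
    _entry = BASELINE.setdefault((_vendor, _model), {"latest": "0", "hashes": {}})
    _entry["hashes"][_version] = sha256_hex(_image)
    if parse_version(_version) > parse_version(_entry["latest"]):
        _entry["latest"] = _version

# Constructed inventory as an endpoint agent might report it; None means no visibility.
HOSTS: List[Dict[str, Optional[str]]] = [
    {"host": "ws-01", "vendor": "ExampleVendor", "model": "Model-A", "version": "1.12.0",
     "image_sha256": sha256_hex(_GOOD_IMAGES[("ExampleVendor", "Model-A", "1.12.0")])},
    {"host": "ws-02", "vendor": "ExampleVendor", "model": "Model-A", "version": "1.11.2",
     "image_sha256": sha256_hex(_GOOD_IMAGES[("ExampleVendor", "Model-A", "1.11.2")])},
    {"host": "ws-03", "vendor": "ExampleVendor", "model": "Model-A", "version": "1.12.0",
     "image_sha256": sha256_hex(b"constructed Model-A firmware 1.12.0 plus an unexpected driver")},
    {"host": "ws-04", "vendor": "ExampleVendor", "model": "Model-A", "version": "1.13.0",
     "image_sha256": None},
    {"host": "srv-01", "vendor": "ExampleVendor", "model": "Model-B", "version": "2.3.0",
     "image_sha256": None},
    {"host": "srv-02", "vendor": "OtherVendor", "model": "Rack-9", "version": "3.0.1",
     "image_sha256": None},
    {"host": "lt-07", "vendor": None, "model": None, "version": None, "image_sha256": None},
]


def assess_host(rec: Dict[str, Optional[str]]) -> Tuple[str, str]:
    """Return (status, detail); a hash mismatch outranks a stale version."""
    if not rec.get("vendor") or not rec.get("version"):
        return "no-visibility", "agent reported no firmware data"
    entry = BASELINE.get((rec["vendor"], rec["model"]))
    if entry is None:
        return "unknown-model", "no baseline for this vendor/model"
    expected = entry["hashes"].get(rec["version"])
    if expected is None:
        return "unknown-version", f"no known-good hash for version {rec['version']}"
    if rec.get("image_sha256") and rec["image_sha256"] != expected:
        return "modified", "flash dump hash differs from the vendor image for this version"
    if parse_version(rec["version"]) < parse_version(entry["latest"]):
        return "outdated", f"{rec['version']} is behind approved {entry['latest']}"
    if not rec.get("image_sha256"):
        return "no-dump", "version is current but flash contents were not verified"
    return "ok", "version current and flash hash matches"


def run_inventory(hosts: List[Dict[str, Optional[str]]]) -> Dict[str, str]:
    """Map each host name to its status; the detail is printed for the reader."""
    results = {}
    for rec in hosts:
        status, detail = assess_host(rec)
        results[rec["host"]] = status
        print(f"{rec['host']:7} {status:15} {detail}")
    return results


if __name__ == "__main__":
    run_inventory(HOSTS)
```

The "modified" finding is the one that matters for a TrickBoot-style scenario: a host that reports the expected firmware version but whose flash contents do not hash to the vendor image for that version. "no-dump" and "no-visibility" are the gaps Michael describes, where the enterprise has no way to make that comparison at all, and "unknown-version" flags a baseline that has fallen behind the vendor's releases.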