
SANS ISC: InfoSec Handlers Diary Blog



Happy Halloween: The Ghost Really May Be In The Machine

Published: 2013-10-31
Last Updated: 2013-10-31 22:27:17 UTC
by Russ McRee (Version: 1)
38 comment(s)

Ghost in Shell

@dangoodin001 over at ArsTechnica dropped a fabulously spooky tale today of "mysterious Mac and PC malware that jumps airgaps." If you follow @dragosr (Dragos Ruiu) via Twitter you've probably heard about #badBIOS, but if you don't you have some reading to do.

Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps - ArsTechnica

#badBIOS features explained - Errata Security

#badBIOS - Security Artwork

It's been three years now that this issue has plagued Dragos, organizer of the CanSecWest and PacSec conferences and founder of the Pwn2Own hacking competition, who, as Dan states, "is no doubt an attractive target to state-sponsored spies and financially motivated hackers."

While the Internet Storm Center is not yet in possession of enough information (We can neither confirm nor deny, Senator) to confirm with absolute certainty, this is a real humdinger in the context of immediately recent reports alleging that the Russian Gov Slipped a Little Bit of Malware in G20 Attendees Gift Bags. Additionally, let me lay some propositional logic on you:

If Dragos is smart, then #badBIOS is a legitimate malware threat.
Dragos is smart.
Therefore, #badBIOS is a legitimate malware threat.

To quote directly from the close of Dan's article as he cites Dragos: "It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was," Ruiu concluded in an interview. "The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers."

ISC would love reader feedback via comments regarding thoughts on detection and mitigation as more details on this surface.

Happy Halloween and enjoy the ghost hunt. :-)


Keywords: BIOS malware