Each month Intel releases a security bulletin to alert customers to trends in the threats it is seeing against computer and smartphone users. This month’s report contained the usual list of new criminal malware trying to steal your identity, your bitcoins or your webcam selfies.
But for the first time, the company reported on more advanced threats, which attack not just your operating system, but the low-level software, known as firmware, that runs your machine.
Intel’s report flagged “persistent and virtually undetectable attacks” traced to a group of malware authors known as the Equation Group. These attacks are highly sophisticated, reprogramming hard disk drive and solid state drive firmware.
The attacks make getting rid of the infection impossible, short of replacing the actual drive itself. Once infected by the Equation Group’s malware, the firmware reloads malware each time infected systems boot. The malware persists even if the drives are reformatted or the operating system is re-installed.
Anti-virus security software can’t detect the infection, making it impossible to stop.
This is interesting because the Equation Group has been traced to elite units of the NSA, which has in turn been confirmed by former staffers.
The Equation Group is the NSA.
These are the same folks who carried out the successful Stuxnet attack which heavily damaged Iran’s nuclear program and the same folks who also tried a similar, unsuccessful, attack on North Korea.
Vincent Weafer, senior vice president, McAfee Labs, said, “These Equation Group firmware attacks rank as some of the most sophisticated threats of their kind. While such malware has historically been deployed for highly-targeted attacks, enterprises should prepare themselves for the seemingly inevitable ‘off-the-shelf’ incarnations of such threats in the future.”
In plain language, Intel (via its McAfee subsidiary) is warning businesses, hospitals and government agencies to be on the lookout for these attacks. They’re seeing more of them, and it’s likely that China, Russia and other U.S. rivals will be using very similar methods.
Given that virtually all smartphones are manufactured in China, it’s very likely many are infected with the same type of super-complex malware that Intel is seeing attack computer hard drives.