A new module enables the malware to scan for vulnerable UEFI configurations on infected systems and could enable attackers to brick systems or deploy low-level backdoors that are incredibly hard to remove.
"This marks a significant step in the evolution of TrickBot," the researchers from security firms Eclypsium and Advanced Intelligence (AdvIntel) said in a new report released today.
"UEFI level implants are the deepest, most powerful, and stealthy form of bootkits. Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced.
"Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery from the traditional file-system encryption that a ransomware campaign like Ryuk, for example, would require."
What is TrickBot?
TrickBot is a malware threat that started out as a Trojan program focused on online banking fraud and credential theft and evolved into an extensible crimeware platform with a long list of capabilities that includes RDP scanning, lateral movement through SMB vulnerabilities, VNC-based remote access and more.
TrickBot's operators, a group known in the security industry as The Trick or Overdose, use the Trojan to provide access into infected corporate networks to other threat actors, including those operating the Ryuk ransomware.
TrickBot has also been used to distribute backdoors associated with Lazarus group, North Korea's state-run hacking team, and researchers suspect the TrickBot operators are increasingly catering to APT groups and high-profile cybercrime gangs.
In October, Microsoft, together with several other companies, launched a coordinated effort to disrupt TrickBot's command-and-control infrastructure and while that action has seen considerable success, the botnet is still alive and the hackers are fighting to regain control. New campaigns that distribute the malware have been observed last month.
The UEFI module
Researchers from AdvIntel observed a new TrickBot module, called called PermaDll32, being delivered to victims in October. The name caught their attention as it sounded derived from the word "permanent" suggesting some sort of persistency mechanism.
Analysis of the module revealed that it was designed to read information from the BIOS or UEFI firmware of infected computers. This is the low-level code stored in the SPI flash memory chip of a computer's motherboard and is responsible for initiating the hardware during the booting process and handing over control to the operating system.
AdvIntel partnered with Eclypsium, which has expertise in firmware and hardware security threats to analyse the new TrickBot component and determine what it does. The investigation revealed that the PermaDll32 module deploys a driver called RwDrv.sys, which is taken from RWEverything, a popular free tool that allows users to read and write to the firmware of any hardware component, including the SPI controller that governs the UEFI.
The TrickBot module uses this capability to identify the underlying Intel hardware platform and to check if the BIOS control register is unlocked and if the BIOS/UEFI write protection is enabled.
For the full boot chain to be secure, the UEFI firmware must be write-protected, but computer OEMs have often left this misconfigured in systems in the past. This has enabled cyber espionage groups to deploy stealthy UEFI implants.
"I think there are probably millions of devices that are vulnerable to this still out in the field," Jesse Michael, principal researcher at Eclypsium, tells CSO. "I don't have a good solid number for those devices, but it was a very common thing before 2017 and even after 2017 we still are seeing some devices that are coming from the factory with this vulnerability. The top-tier vendors are getting a lot better at closing this hole."
While this is a well-known issue that has been exploited in the past to install UEFI implants, for example by the Russian APT28 group with the LoJax attack or the more recent MossaicRegressor APT group, many UEFI vulnerabilities and hardware misconfigurations have been reported over the years that the TrickBot attackers could choose to use in the future.
The PermaDll32 module with the RwDrv.sys drivers allow for a variety of attacks with little modification. In fact, the Eclypsium researchers warn that a one-line modification to the current implementation can allow the attackers to overwrite the UEFI and "brick" the computer. Recovering from such a situation typically requires replacing the system's motherboard or reflashing the UEFI with specialised equipment attached to the SPI chip.
"The national security implications arising from a widespread malware campaign capable of bricking devices are enormous," the researchers warn. "The TrickBoot module targets all Intel-based systems produced in the last five-plus years.
"Based on Eclypsium analysis, most of these systems remain vulnerable to one of the multitudes of firmware vulnerabilities currently known, with a smaller proportion susceptible to the particular firmware misconfiguration issue checked for by this module."
The Lazarus group, for example, has known connections with TrickBot operators and has launched destructive attacks in the past. The group was responsible for the 2014 attack against Sony Pictures that resulted in thousands of the company's computers being wiped.
However, it's much more likely that TrickBot's customers would use this new capability to deploy stealthy implants that would allow them to persist inside victim networks and on high-value systems even if hard drives are wiped and reimaged. This is even suggested by the module's name and, unfortunately, checking for firmware compromises is not easy and not a common practice as part of typical incident response and malware cleanup operations.
Once inside the UEFI, malicious code can report fake information back to any software tool attempting to read the UEFI and can block attempts to update the UEFI.
The only way to be sure is attach a programming device to the SPI chip, dump its contents and then check them. In addition to requiring specialised tools and knowledge, this type of operation might violate service agreements and warranties for most devices.
Preventing UEFI exploits
One of the most important ways to prevent such attacks is to keep the BIOS/UEFI updated on all systems to ensure that all known vulnerabilities are patched, but this is something that's rarely done as part of the regular patching routines in organisations.
"A lot of times people focus on operating system updates and neglect the firmware updates," Michael says. "So you might have a firmware update for your system that you can deploy and fix this issue, but because you don't, because you aren't including the firmware updates in your normal IT operations, you're kind of lagging in the updates you need. For prevention, you need to include firmware updates in your normal processes."
There's also a lack of visibility into firmware issues when it comes to vulnerability scanning inside organisations. Some open-source tools like CHIPSEC have forensics and security testing capabilities for various hardware interfaces including UEFI, as do some commercial products.
Finally, the host-level intrusion detection systems can detect some of the components. For example, the Eclypsium and AdvIntel report include indicators of compromise for the new TrickBot module and the RwDrv.sys driver. However, the number of such attacks and therefore UEFI-capable malware is likely to increase in the future.
The implementation of UEFI exploits in TrickBot doesn't only put this capability in the hands of ransomware groups like Ryuk that use this botnet, but it will be copied by other cybercriminal groups that run their own botnets and malware operations. This has happened with many techniques in the past that were initially limited to APT-level threat actors.
"Once this is seen in the wild like in an incident or a press release three months or a year from now that an UEFI attack was used to brick an operational environment, all the other attackers will jump on it immediately, because the impact is so much worse, which means the leverage is so much bigger," Scott Scheferman, principal strategist at Eclypsium tells CSO.
"Any major vulnerability that gives an attacker an advantage is adopted usually first by TrickBot and then all the other malware and ransomware groups which pull functionality from TrickBot all the time. TrickBot leads the development cycle for most of the criminal malware out there."