Trickbot Now Uses a Bootkit to Attack FirmwareResearchers: Bootkit Finds Vulnerabilities to Exploit
Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.
"This marks a significant step in the evolution of Trickbot. Firmware-level threats carry unique strategic importance for attackers," according to the joint report.
The pairing of Trickbot with a bootkit enables an attacker to automate a search for vulnerable devices, says Scott Scheferman, principal cyber strategist with Eclypsium.
"But with Trickbot being distributed by Emotet, a resilient and effective system, Trickbot actors can simply automate that part of the challenge and know which devices inside a compromised environment can be bricked or implanted with a [Unified Extensible Firmware Interface] persistence mechanism," Scheferman says.
Given Trickbot's ability to target and leverage Active Directory, along with its worming capabilities that come with exploiting the EternalBlue and EnternalRomance flaws, the malware now offers a powerful, widespread distribution platform for attackers who want to leverage firmware-level attacks, he adds.
"Certainly it provides strategic advantages for either destructive or criminal-related motives."
Trickbot has been a primary tool used to dispense banking Trojans along with Ryuk and Conti ransomware. It is generally distributed "as-a-service" with Symantec attributing its use to the Wizard Spider group. In October, Microsoft and several federal agencies knocked Trickbot's servers offline, but the operators quickly bounced back (see: Updated Trickbot Malware Is More Resilient).
What Bootkits Can Do
When implanted on a device, bootkits, including Trickboot, enable an attacker to control how an operating system is booted. This gives threat actors the ability to directly modify the OS to gain complete control over a system and subvert higher-layer security controls, the report notes.
"Attackers could also simply erase the BIOS region to completely disable the device as part of a destructive attack or ransomware campaign. The possibilities are almost limitless," the report states.
The researchers say Trickbot's operators likely are now in reconnaissance mode, searching for firmware vulnerabilities.
"Given that the Trickbot group toolset has been used by some of the most dangerous criminal Russian and North Korean actors to target healthcare, finance, telecoms, education and critical infrastructure, we view this development as critically important to both enterprise risk and national security," the report states.
Because Trickboot was just uncovered last month, attacks leveraging it may have been launched, but it could take time for victims to notice, Scheferman says.
"Most organizations, incident-response teams and SOCs, however, are not well-equipped to be able to detect UEFI-level threats," Scheferman says. He notes that it took analysts years to discover how a Chinese hacking group used a similar bootkit to target devices (see: Hacking Group Used Rare UEFI Bootkit for Espionage).
AdvIntel first spotted what became known as Trickboot in October, when it found the name "user_platform_check.dll," also written as PermaDll, while investigating the new Trickbot module, according to the report.
The vulnerabilities that Trickboot can spot for exploitation are located in the platform controller hub on Intel platforms. Problems arise when access control mechanisms on the Serial Peripheral Interface, or SPI, controller that stop unauthorized modification of the UEFI or BIOS firmware are misconfigured or not enabled, the report says. If the firmware is not write-protected, attackers can easily modify or even delete it.
"Trickbot uses the RwDrv.sys driver from the popular RWEverything tool in order to interact with the SPI controller to check if the BIOS control register is unlocked and the contents of the BIOS region can be modified," the researchers say.
In addition, Trickbot includes an obfuscated copy of RwDrv.sys. It drops the driver into the Windows directory, starts the RwDrv service and then makes DeviceIoControl calls to talk to the hardware, the report notes.
Because of where the malware is placed within a device, Trickboot is not only harder to detect but, once found, it’s difficult to remove because it resides on the motherboard and not the systems drives. This allows for persistence even if the operating system is reinstalled or the unit's hard drive is replaced, the report says.
"Equally impactful, if the firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery from the traditional file-system encryption that a ransomware campaign like Ryuk, for example, would require," the researchers say.
Scheferman notes that firmware updates are difficult to perform, and he points out that many organizations don't include firmware updates in their device management processes. Unlike operating system and application updates, which are automated and pushed out, firmware update processes can require more downtime, which can result in organizations deprioritizing them.
To provide some level of protection against Trickboot, the report suggests that organizations:
- Check devices to ensure that BIOS write protections are enabled;
- Verify firmware integrity by checking firmware hashes against known good versions of firmware, and also monitor firmware behavior for any signs of unknown implants or modifications;
- Update the firmware to mitigate numerous vulnerabilities that have been discovered.
Incident response teams performing host-level forensics on devices affected by Trickbot should examine firmware to ensure eradication, the report adds.