• Chewy@discuss.tchncs.deOP
    link
    fedilink
    arrow-up
    5
    ·
    11 months ago

    Yes, an attacker with write access to boot already compromised the entire OS and data. Usually replacing the storage or reinstalling the OS would get rid of the attacker. But this exploit happens early in the boot process, before the OS even loads.

    This means the only way to ensure a network remains uncompromised after an attack is physically destroying any infected devices or replacing their mainboard.

    There are major benefits to this approach. One is that no executable code ever touches the hard drive, a technique known as fileless malware that hampers detection by antivirus and other types of endpoint protection software. Another benefit: Once the image is in place, it ensures a device remains infected even when an operating system is reinstalled or the main hard drive is replaced.