
Protecting Your Organization From MosaicRegressor and Other UEFI Implants

The recent discovery of the MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before, and supersedes, the operating system, and because the implant persists in firmware even after a system is reimaged. The implant code itself is universal and easy to build, and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers, making it likely that this type of capability will show up in other campaigns.


In this webinar, you’ll learn:
- How MosaicRegressor and other UEFI attacks work
- Why these attacks are so dangerous and difficult to detect
- Why this discovery is significant, and what it portends for future threats
- How Eclypsium is able to detect these threats even before they are public
- What strategies you can use to protect and defend your devices from UEFI attacks

Recorded: Dec 3 2020, 69 mins
Presented by: Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist

  • The Mark of Zero: The Role of Firmware in Zero Trust Strategies Aug 11 2021 7:00 pm UTC 60 mins
    John Loucaides, VP of R&D and Michael Thelander, Director of Product Marketing
    A few years ago, a casual Google search on the term “zero trust” would have returned hundreds of thousands of hits. Search for the same term today, and you’ll get about 4 billion hits -- that’s “billion” with a “B.” It’s possible that no other cybersecurity approach has matured so fast and received such widespread adoption in such a short time.

    But can a Zero Trust security strategy be effective without accounting for the needs of firmware security? What does it even mean to apply Zero Trust principles to something as difficult to assess and secure as firmware? And who owns this initiative, the vulnerability management team? The CIO’s team?

    In this webinar, John Loucaides, Eclypsium VP of R&D, and Michael Thelander, Director of Product Marketing, will discuss the four pillars of Zero Trust security:

    1. Default deny
    2. Contextual authentication
    3. Granular control
    4. Dynamic response

    They will tie each of these pillars to the unique security requirements of firmware across the modern enterprise.

    John and Michael will discuss how firmware is under fire from commercially motivated and nation-state attackers today and reveal the gap between modern infosec tools and firmware-based exploits. Then they’ll outline an approach to identify, verify, and fortify the firmware underneath every organization’s current technology stack, sustainably and cost-effectively.
  • Firmware Fiascos and the Supply Chain’s Weakest Link Recorded: Jul 28 2021 61 mins
    John Loucaides, VP of Federal Technology and Michael Thelander, Director of Product Marketing
    The technology supply chain supports virtually every aspect of modern-day organizations: from software and services to servers, switches, laptops, and virtual machines. As a result, any compromise or vulnerability in the supply chain is amplified by hundreds of downstream users and dozens of downstream use cases. Worse, this can bring invisible and potent risks into an organization under the guise of a trusted asset.

    While the firmware layer is often overlooked, it’s increasingly under fire from both financially motivated hackers and determined nation-states. It often represents a single point of failure in devices and is the stealthiest way an attacker can compromise a vast number of devices at scale. A firmware attack in the supply chain ensures that the attacker’s code is the first to run and has the highest privileges from the moment a device turns on.

    Commercial and government organizations alike are left wondering how they can trust vendor tools and checks when the vendor itself (or one of its upstream component providers) may be compromised in the supply chain. Join Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal Technology, John Loucaides, as they discuss:

    - Hardware/firmware/software supply chain complexity
    - Firmware’s critical role in the four key phases of hardware and software lifecycles
    - Current and recent attacks (interdiction/tampering vs. backdoor)
    - Ongoing SBOM efforts
    - Practical firmware mitigation and hardening defenses for your organization
  • Modern Threat Developments Affecting Patient Safety & What To Do About Them Recorded: Jul 22 2021 38 mins
    Eric Decker - CISO, Intermountain Health Care and Scott Scheferman - Principal Cyber Strategist, Eclypsium
    When hospitals are barely able to keep up with basic cyber hygiene, what must they still get ahead of in order to best protect patient safety and the uptime of critical medical devices and related workflows? How can hospitals still move the needle to protect patient life against hyper-evolving cyber threats that threaten more than just privacy and reputation?

    We’ll take a close look at how some of the most active, widespread, and notorious cybercriminal gangs, as well as their nation-state affiliate counterparts, continue to join forces to attack hospitals. We’ll expose newer highly destructive, automated, worming threats that have already evolved from where they left off in 2020’s pandemonium. More importantly, we’ll cover things hospitals of various sizes can actually do to get ahead of these threats by leveraging groundwork already laid, and by asking the harder questions that need to be answered anew in 2021.

    This recorded video was first presented at the H-ISAC Spring Summit in May 2021
  • The Cybersecurity EO, Firmware, and Kicking the Can Recorded: Jul 14 2021 61 mins
    John Loucaides, VP of Federal Technology and Michael Thelander, Director of Product Marketing
    The president’s recent “Executive Order on Improving the Nation’s Cybersecurity” presents new perspectives and directions on preventing increasingly destructive ransomware and cyber attacks. While all ten sections in the executive order provide instructions for federal agencies and CISOs in the commercial sector, one in particular breaks away from traditional best practices and calls for new approaches:

    Section 4, “Enhancing Software Supply Chain Security,” concentrates on strengthening and securing the complex, multi-headed software supply chain and puts a considerable emphasis on defining and detailing “critical software.”

    Firmware is “critical software” in every sense of the term. But in NIST’s follow-up white paper detailing the term “critical software,” firmware was intentionally left for “later.”

    In this session, Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal business, John Loucaides, will discuss:

    - How firmware security is central to both the spirit and the letter of the executive order
    - What it means to “kick the firmware can down the road,” why it runs counter to current attack trends, and what will need to be done once firmware is included
    - What you can do today to build a Software Bill of Materials (SBOM) that includes critical and increasingly vulnerable firmware details

    We’ll also explain how to break a huge executive order into immediately actionable and valuable chunks that deliver real value.
  • BIOS Disconnect - New Research from Eclypsium Recorded: Jun 30 2021 44 mins
    John Loucaides, VP Federal Technology, Eclypsium
    Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls. The issue affects 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs.

    In this webinar, we will discuss the significant risks this poses to the integrity of these devices, and what steps can be taken to mitigate this threat.
  • Modern Threat Developments Affecting Patient Safety & What To Do About Them Recorded: Jun 28 2021 38 mins
    Eric Decker - CISO, Intermountain Health Care and Scott Scheferman - Principal Cyber Strategist, Eclypsium
    When hospitals are barely able to keep up with basic cyber hygiene, what must they still get ahead of in order to best protect patient safety and the uptime of critical medical devices and related workflows? How can hospitals still move the needle to protect patient life against hyper-evolving cyber threats that threaten more than just privacy and reputation?

    We’ll take a close look at how some of the most active, widespread, and notorious cybercriminal gangs, as well as their nation-state affiliate counterparts, continue to join forces to attack hospitals. We’ll expose newer highly destructive, automated, worming threats that have already evolved from where they left off in 2020’s pandemonium. More importantly, we’ll cover things hospitals of various sizes can actually do to get ahead of these threats by leveraging groundwork already laid, and by asking the harder questions that need to be answered anew in 2021.

    This recorded video was first presented at the H-ISAC Spring Summit in May 2021
  • A New Approach to Protecting Network and Unmanaged Devices Recorded: Jun 15 2021 60 mins
    Ed Amoroso, CEO & Founder, TAGCyber, and Scott Scheferman, Principal Cyber Strategist, Eclypsium
    Enterprise IT and security teams today must navigate the risk of a constantly evolving landscape of networking equipment, connected devices, and personal-use employee devices in remote work environments. Many of these devices simply can’t be managed using traditional security tools, with recent studies estimating that up to 90% of enterprise devices can’t support a traditional security agent.

    This unmanaged attack surface is actively under attack. VPNs and networking infrastructure have been some of the most popular targets, as adversaries use them to gain access to organizations and spread ransomware and other malware. CISA has repeatedly issued alerts concerning a wide range of state-based actors targeting enterprise network infrastructure, including a recent joint advisory warning of active scanning and exploitation of leading vendors such as Cisco, Citrix, F5, Fortigate, Pulse Secure, and others.

    What’s a security team to do? Maybe it’s time for a new approach to protecting network appliances and other “unmanaged” appliances. In this webinar you’ll learn:

    - Why VPNs and networking infrastructure are targeted for attack
    - Who is behind these attacks and what they hope to gain
    - What kinds of vulnerabilities, such as unpatched firmware, attackers are seeking
    - How ransomware actors target certain types of critical devices by exploiting supply chain dynamics
    - Why traditional security tools may leave you blind to this threat
    - How you can get ahead of attackers with a new distributed approach to network device discovery and analysis that provides agentless visibility into all corners of an enterprise

    Speakers:
    Ed Amoroso, Founder and CEO of TAG Cyber, former CISO of AT&T
    Scott Scheferman, Principal Cyber Strategist, Eclypsium
  • What Auditors Need to Know When Evaluating Firmware Compliance Recorded: May 26 2021 51 mins
    John Loucaides, VP of Federal Technology
    Recent updates to NIST 800-53 and other compliance standards emphasize that controls must extend down to firmware and hardware. To keep pace with widespread attacks and new standards, organizations must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. But what does this mean, and what should you be looking for?

    In a follow-on to his popular ISACA presentation, Eclypsium’s John Loucaides will delve deeper into the questions auditors should ask, and the tools that are available to implement controls and verify due diligence within an organization.

    Eclypsium’s VP of Federal Technology, John Loucaides will discuss:

    - What is firmware, and why is it important?
    - Why firmware and hardware security is being called out in compliance frameworks
    - What questions to ask when conducting your audit
    - Evidence of compliance that can be produced
    - How Eclypsium is helping businesses collect this evidence
  • Q2 Threat Briefing - New Developments in Device Security Recorded: Apr 29 2021 49 mins
    Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist
    A recent Microsoft study says 83% of all businesses have experienced a firmware attack in the past two years. The NIST National Vulnerability Database has shown more than a five-fold increase in firmware vulnerabilities in the last four years. How real is the threat to enterprise devices in Q2? Are organizations taking the right approaches to address it?

    In this quarterly device security threat briefing, Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist, discuss the latest news in firmware and hardware security, from the Microsoft report to the most recent attacks in the wild, and what security leaders can do to defend their organizations.

    We’ll ask:

    - How real is the threat of firmware attacks?
    - What do recent attacks tell us about who is at risk?
    - What devices and vulnerabilities are attackers targeting now?
    - Are APTs and ransomware attackers converging?
    - What kinds of attacks can we expect going forward?
    - Why is it so difficult to get visibility into this attack surface?
    - What measures are enterprises taking to protect themselves?
    - How can we close the gap on device security?
  • Threats Below The Surface in High-Risk Devices Recorded: Apr 14 2021 24 mins
    John Loucaides, VP Federal Technology, Eclypsium
    As cybersecurity improves, attackers are seeking new methods to subvert traditional security controls - going below the surface to penetrate vulnerable firmware and hardware components inside today’s servers, laptops and networking equipment. Most organizations lack visibility into this attack surface. They can’t easily see which hardware and firmware components are in their fleet or determine which devices are vulnerable to known threats — much less detect a hidden implant or backdoor. These blind spots allow attackers to subvert traditional security controls and persist undetected, leaving organizations exposed to device tampering, ransomware, and data breaches.

    In this presentation, you’ll learn

    - What’s at risk under the hood in your devices
    - How the threat landscape is changing
    - How TrickBot malware locates UEFI vulnerabilities
    - Why attackers are targeting firmware
    - The importance of addressing supply chain risk
    - How to protect devices at scale
  • APT & Criminal Attackers Converge Below the Surface Recorded: Mar 30 2021 56 mins
    Scott Scheferman - Principal Cyber Strategist, Eclypsium
    Both criminal and Advanced Persistent Threat actors have been leveraging each other’s tactics, techniques, and procedures (TTPs) for quite some time. Yet, as we look upon the 2021 threat landscape, there are two alarming trends that are rapidly unfolding, and for which organizations are not yet prepared: 1) the convergence of nation-state and criminal focus on the advantages of targeting firmware, and 2) the impacts and advantages to attackers associated with supply chain campaigns. 2020 saw both the alarming discovery of TrickBoot (a criminal ransomware group’s UEFI-targeting module) and the SUNBURST and Accellion supply chain campaigns that continue to unfold. Now that those TTPs have been burned, and those actors need to adapt, what do we need to anticipate and prepare for, ahead of this firmware convergence in the threat landscape? Finally, we’ll lean in to anticipate what comes next, if 2020’s activity has been an indicator of what is to come.
  • Threats Below The Surface in High-Risk Devices Recorded: Mar 30 2021 24 mins
    John Loucaides, VP Federal Technology, Eclypsium
    As cybersecurity improves, attackers are seeking new methods to subvert traditional security controls - going below the surface to penetrate vulnerable firmware and hardware components inside today’s servers, laptops and networking equipment. Most organizations lack visibility into this attack surface. They can’t easily see which hardware and firmware components are in their fleet or determine which devices are vulnerable to known threats — much less detect a hidden implant or backdoor. These blind spots allow attackers to subvert traditional security controls and persist undetected, leaving organizations exposed to device tampering, ransomware, and data breaches.

    In this presentation, you’ll learn

    - What’s at risk under the hood in your devices
    - How the threat landscape is changing
    - How TrickBot malware locates UEFI vulnerabilities
    - Why attackers are targeting firmware
    - The importance of addressing supply chain risk
    - How to protect devices at scale
  • Improve Device Security Using The CMMC Framework Recorded: Mar 23 2021 54 mins
    John Loucaides, VP R&D, Eclypsium
    Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices.

    This webinar will cover:

    - Real-World Attacks Against Device Integrity
    - How Attackers Compromise Device Integrity
    - Designing Device Security Into Your Security Practices
    - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
    - Device Security and the Cybersecurity Maturity Model Certification (CMMC)
  • Put Zero Trust in Your Devices Recorded: Mar 17 2021 61 mins
    Steve Mancini, CISO and Ryan Clarke, Principal Security Scientist, Eclypsium
    The recent shift to a remote work environment has created new challenges for many businesses and government institutions, with profound impacts on organizational security models. Suddenly, many users are no longer protected by the many layers of security found on-premises in the corporate network. Instead, security policies must evolve to support a new reality where users are remote by default and massive amounts of untrusted, inbound connections are the norm. Incorporating security concepts like Zero Trust can be a critical part of securing these remote work environments, which often include a mix of corporate laptops, BYOD devices, and home networking gear. If the integrity of these devices isn’t assured, then it is impossible to assure the safety of the operating systems and other software running on them. Yet for many organizations, device integrity remains a blind spot where Zero Trust principles are not yet applied, and as a result, security is assumed instead of verified.

    In this webinar, Steve Mancini, CISO of Eclypsium, and Ryan Clarke, Principal Security Scientist at Eclypsium, will discuss:

    - Device Integrity and Zero Trust
    - Identifying Device Level Vulnerabilities
    - Looking for Signs of Compromise
    - Secure Access for Remote Workers
    - Device Best Practices for Zero Trust
  • Top Five Threats to Firmware Security Recorded: Mar 9 2021 61 mins
    Yuriy Bulygin, CEO Eclypsium and John Loucaides, VP R&D Eclypsium
    As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021. You’ll learn:

    - The most common types of firmware attacks used in the wild today.
    - What malware, ransomware, and APT campaigns are targeting devices ranging from traditional laptops and servers to networking gear and VPN appliances.
    - How firmware attacks enable adversaries to gain control of enterprise devices, subvert security controls, and persist invisibly, undetected by traditional security solutions.
    - How to detect and defend against firmware threats in the supply chain, in operational use, and as part of incident response.
  • Safeguarding Device Integrity in the Supply Chain and Beyond Recorded: Mar 3 2021 61 mins
    Andrew Regenscheid (NIST), John Loucaides (Eclypsium)
    While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

    In this live webinar, our expert panel will discuss:

    - How the complex technology supply chain creates concentrations of risk
    - Recent supply chain threats and their implications for enterprise risk management
    - What a supply chain disaster scenario might look like
    - What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
    - What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

    Panelists:
    John Loucaides - Vice President of Research and Development at Eclypsium
    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).
  • Assessing Enterprise Firmware Security Risk - 2021 Recorded: Feb 18 2021 61 mins
    Steve Mancini, Malcolm Harkins, Ed Amoroso
    2020 saw a dramatic increase in firmware-level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades most endpoint protection and detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?

    Our panel of experts discusses how to evaluate and improve your firmware security posture.

    Speakers:
    Steve Mancini, CISO, Eclypsium
    Malcolm Harkins, Chief Security & Trust Officer at Cymatic, and formerly CISO at Intel
    Ed Amoroso, Founder & CEO TAG Cyber, and formerly CISO at AT&T
  • Safeguarding Device Integrity in the Supply Chain and Beyond Recorded: Feb 16 2021 62 mins
    Andrew Regenscheid (NIST), John Loucaides (Eclypsium)
    While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

    In this live webinar, our expert panel will discuss:

    - How the complex technology supply chain creates concentrations of risk
    - Recent supply chain threats and their implications for enterprise risk management
    - What a supply chain disaster scenario might look like
    - What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
    - What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

    Panelists:
    John Loucaides - Vice President of Research and Development at Eclypsium
    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).
  • Top Five Threats to Firmware Security Recorded: Feb 3 2021 61 mins
    Eclypsium
    As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021. You’ll learn:

    - The most common types of firmware attacks used in the wild today.
    - What malware, ransomware, and APT campaigns are targeting devices ranging from traditional laptops and servers to networking gear and VPN appliances.
    - How firmware attacks enable adversaries to gain control of enterprise devices, subvert security controls, and persist invisibly, undetected by traditional security solutions.
    - How to detect and defend against firmware threats in the supply chain, in operational use, and as part of incident response.
  • Assessing Enterprise Firmware Security Risk - 2021 Recorded: Jan 20 2021 62 mins
    Steve Mancini, Malcolm Harkins, Ed Amoroso
    2020 saw a dramatic increase in firmware-level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades most endpoint protection and detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?

    Our panel of experts discusses how to evaluate and improve your firmware security posture.

    Speakers:
    Steve Mancini, CISO, Eclypsium
    Malcolm Harkins, Chief Security & Trust Officer at Cymatic, and formerly CISO at Intel
    Ed Amoroso, Founder & CEO TAG Cyber, and formerly CISO at AT&T
Enterprise Firmware Security
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

  • Title: Protecting Your Organization From MosaicRegressor and Other UEFI Implants
  • Live at: Dec 3 2020 6:00 pm
  • Presented by: Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist