It's about that time again, for another week, another hack. This week we are going over the multiple Lenovo Vulnerabilities affecting millions of users. Hopefully if you are a Lenovo user, you haven't been ignoring your updates.
Here's what's happening.
ESET, a trusted European cybersecurity company, has publicly announced the identification of multiple vulnerabilities within Lenovo's consumer laptops. These vulnerabilities impact over a hundred different models and millions of users.
Martin Smoler is the ESET malware analyst who discovered the vulnerabilities. According to him, the types of flaws he found allow hackers to disable security inputs and install UEFI malware into the systems.
What is a Unified Extensible Firmware Interface
A Unified Extensible Firmware Interface (UEFI), gives hackers the ability to enable malware such as LoJax and ESpecter.
These threats are dangerous because the UEFI can be extremely stealthy and near untraceable. They are ran in the initial boot-up process which gives them the opportunity to bypass nearly all security measures.
For now these vulnerabilities are only effecting Lenovo laptops. However, with more businesses embracing the work from home model, the more employees are switching to these consumer devices to do remote work.
Statistically, almost 50% of employees are using personal computers for work.
As a result, the Lenovo vulnerabilities identified, have the ability to exploit these employees and gain access to their personal laptops. A hacker could use this information to steal sensitive data or even break into other network devices.
How Severe is a UEFI Malware Threat?
For the past few years, UEFI has been involved in numerous high-profile attacks. In an instance that occurred at the end of 2021, Kapersky SecureList became aware of a UEFI firmware-level compromise within their firmware scanner.
What they found was that hackers used an infection chain in the machines boot-up sequence to compromise the firmware scanner. UEFI malware, at the highest level, is extremely dangerous because once a hacker is able to infiltrate a computers UEFI, they gain full control over the device and can access all of the data stored in it. Even if the user tries to reinstall the operating system or replace the hard drive, the malware cannot be removed. It's there for good.
Fortunately for Lenovo users, these findings don't necessarily mean losing access to your laptop.
Low Risk of Serious Take Over
Companies should still take the firmware vulnerabilities seriously, but experts point out that the risk caused by these new vulnerabilities is low due to how difficult Lenovo is to exploit.
Most of the firmware requires privileged access and endpoint protection solutions to be able to exploit the Common Vulnerabilities and Exposures (CVEs).
However, there are long-term concerns for the users who do not implement patching and endpoint protection. Those still using older, standard antivirus software will find it difficult to detect any firmware intrusions. Businesses become at risk when they don’t enforce long-term vulnerability detection and firmware patching.
What to do if you are Affected by Vulnerabilities
If you are a business affected by these Lenovo vulnerabilities, there is still something you can do. The only option to cure these new vulnerabilities is to upgrade the firmware on the laptop.
Users have access to and can search the list of affected Lenovo devices by name or machine type. From there, users can manually update the impacted components. Instructions included.
For the most part, this is a simple process. However, it has become a difficult task due to the amount of company employees using personal Lenovo devices in remote working environments. Security teams can instruct employees on what to do, but it is ultimately up to the employee to enforce the updates.
The easiest way a business can encourage updating to their employees is to send out an email notifying them on the risks and vulnerabilities that are present. Warn them that upgrading devices protects personal and company information. You could even include the list of affected devices.
Keep your business safe by implementing good cybersecurity defense measures.
Also, check out our video on cybersecurity mistakes small businesses make. Being aware is step number one!
If you are looking for cybersecurity options to defend yourself from ransomware attacks, we can help. Feel free to book a time to chat with us via the Calendly link below. I'd be happy to discuss ways to optimize your company's IT
STG IT Consulting Group proudly provides IT Service for Small to Medium Businesses in Greater Los Angeles. We'd love to see if we can help you too!