Contact Sales

Eliminating MITRE Attacks with Confidential Computing - T1542: Pre-OS Boot

In a recently published white paper, Anjuna Security analyzed the complete MITRE attack matrix and found 77 MITRE attacks that Confidential Computing can instantly eliminate. In this series of blogs, we will cover in detail the top five critical attacks and address how Confidential Computing implemented using Anjuna software can abolish these attacks forever!

MITRE Attack T1542: Pre-OS Boot

 

The fifth and last MITRE attack we cover in this series is T1542: Pre-OS Boot. In this attack, an adversary attempts to hijack a system and establish a foothold by tampering with the operating system (OS) between critical moments of hardware initialization and loading the OS, known as boot processing. During the boot process of a computer, various startup services are loaded before the OS, such as BIOS (Basic Input/Output System) and the Unified Extensible Firmware Interface (UEFI); this level provides a perfect cover for malware to hide, making it possible to avoid detection by host software-based defenses. Bootkits are widely available on the black market and used extensively by cybercriminals to infect systems. Recently discovered by Eclypsium researchers, a vulnerability dubbed "BootHole" utilizes this attack technique. It is estimated that BootHole can affect most modern systems today, including laptops, desktops, servers, network appliances, and other special-purpose equipment used in healthcare, financial and other industries.

How to Protect Against T1542: Pre-OS Boot

Anjuna Confidential Computing software creates isolated hardware-secured environments that separate applications from the operating system, thereby removing the OS vulnerability.


How is this possible? The creation of Confidential Computing technology by chip manufacturers (including Intel and AMD) and now offered as a service by cloud providers, such as AWS and Microsoft Azure, allow you to protect sensitive workloads at the hardware level. This trusted execution environment (TEE) removes the vulnerabilities brought on by the operating system because application code and data are isolated from the rest of the machine. Communication between your instance and your application is accomplished through a secure local channel. A user with root privileges or an admin user on the instance will not be able to access the secure environment, separating the machine's OS and protecting the application.

 

 

Learn More About Other Attacks! 

If you missed our previous blog that details how Anjuna provides a solution against MITRE attack T1203: Exploitation for Client Execution, you can access that below.

Anjuna Protects Against T1203: Exploitation for Client Execution

To learn more about the other 76 attacks that Anjuna software protects against and how you can instantly adopt security by default across your entire environment, take a look at our MITRE white paper below!

Eliminate 77 MITRE Attacks With Anjuna

Additional Blog Articles

Eliminating MITRE Attacks With Confidential Computing - T1059: Command And Script Interpreter


Eliminating MITRE Attacks with Confidential Computing - T1554: Compromise Client Software Binary


Eliminating MITRE Attacks with Confidential Computing - T1036: Masquerading