New Type of Malware Developed by Russian Hackers Eludes Discovery

Today’s topics include a new Russian malware named LoJax embedding itself in PC firmware, and the release of Kubernetes 1.12 featuring TLS Bootstrapping.

Researchers at security company ESET say they have found a new type of malware called LoJax, named after the LoJack anti-theft security software because both embed themselves into a computer’s firmware.

There, the malware eludes discovery, can’t be removed by anti-malware products, and will survive the reinstallation of an operating system or even the replacement of the computer’s hard disk. Once it’s in the computer, the malware can do pretty much whatever its creators want it to do. It can funnel information to a remote location, install ransomware or install other types of malware that, if removed, can simply be installed again.

The software was developed by Russian hacking group Fancy Bear. It first examines the code running in the victim computer to determine whether it can be infiltrated. The malware loader then copies the code, adds its own malware and flashes the computer’s firmware to embed the code.

On Sept. 27, the Cloud Native Computing Foundation announced the general availability of Kubernetes 1.12, which includes TLS Bootstrapping, a security capability that developers have been working on since the release of Kubernetes 1.4 in 2016.

With TLS Bootstrapping, a Kubernetes node can request and obtain a Transport Layer Security certificate to join a TLS-secured cluster.

Among the other stable features that have landed in Kubernetes 1.12 are support for Microsoft Azure Virtual Machine Scale Sets (VMSS) and cluster-autoscaler capabilities. VMSS enables users to create Kubernetes pods that can scale based on policy or on demand.

Kubernetes 1.12 also includes multiple notable features that have achieved the beta level of stability. These include Taint Node by Condition and Topology Aware Dynamic Profiling.