What is “BlackLotus”?
Following news in late 2022 of a new UEFI bootkit called BlackLotus being sold for $5,000 on hacking forums, ESET researchers have recently released an analysis of this bootkit discovered in the wild. There was speculation as to whether or not BlackLotus was real and did what the sellers claimed it could do (bypass UEFI Secure Boot and implant a bootkit). The Eclypsium team has independently learned about the BlackLotus UEFI bootkit, confirming many of the recent claims from ESET researchers. We’ve been tracking this one closely and communicating with both internal and external security researchers about this bootkit and its capabilities. We now believe it is a threat deserving of attention from defenders, as BlackLotus represents the first in-the-wild bootkit that can bypass Secure Boot.
At a high level, the bootkit bypasses UEFI Secure Boot by exploiting a vulnerability in the Windows bootloader (CVE-2022-21894, also known as “Baton Drop”). The presence of this vulnerability is vital to the malicious code’s mission, as it allows additional stages of stealthy implantation and further attacks. Microsoft has patched the vulnerability, and administrators can deploy the patch that fixes it in the Windows boot manager.
However, due to the complexities of UEFI Secure Boot and the Windows boot process, applying the patch does not remove an attacker’s ability to carry out the subsequent attack chain. An attacker with administrator privileges (and the ability to bypass UAC) can install an older, still-vulnerable boot manager version. This is similar to Bring Your Own Vulnerable Driver (BYOVD) attacks, such as those described in Eclypsium’s Screwed Drivers research. To mitigate the threat posed by a vulnerable boot manager, Microsoft would have to revoke the boot manager’s cryptographic hash. However, this would by design prevent some systems (bootable media, older system backups) from booting with Secure Boot enabled, and would pose an operational risk to potentially millions of devices. Even if the boot manager were revoked and Secure Boot were disabled, the system may still not boot, as the boot manager performs its own signature checking. Therefore, the Windows update is not sufficient to block this attack method.
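To make the revocation point concrete, the following is an added example (not Eclypsium’s or Microsoft’s code) that parses a UEFI dbx blob in the EFI_SIGNATURE_LIST format and reports whether a boot manager’s Authenticode SHA-256 hash is currently revoked. The dbx content is constructed inline for the demonstration, and the owner GUID used in the constructed entries is a placeholder.

```python
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (signature database section).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Constructed SignatureOwner GUID for sample entries; not a Microsoft value.
PLACEHOLDER_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
HEADER_LEN = 28  # EFI_GUID SignatureType (16) + three UINT32 fields (12)


def parse_signature_lists(blob: bytes):
    """Yield (SignatureType GUID, [entry data]) for each EFI_SIGNATURE_LIST.

    Layout: EFI_GUID SignatureType; UINT32 SignatureListSize; UINT32
    SignatureHeaderSize; UINT32 SignatureSize; UINT8 SignatureHeader[];
    EFI_SIGNATURE_DATA Signatures[], each a 16-byte owner GUID plus data.
    """
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError(f"truncated list header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < HEADER_LEN + hdr_size or end > len(blob) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        body = blob[off + HEADER_LEN + hdr_size:end]
        if len(body) % sig_size:
            raise ValueError(f"signature array misaligned at offset {off}")
        # Strip the SignatureOwner GUID from every EFI_SIGNATURE_DATA entry.
        yield sig_type, [body[i + 16:i + sig_size] for i in range(0, len(body), sig_size)]
        off = end


def revoked_sha256_hashes(dbx: bytes) -> set:
    """All EFI_CERT_SHA256 entries in dbx as lowercase hex; other list types are skipped."""
    hashes = set()
    for sig_type, entries in parse_signature_lists(dbx):
        if sig_type == EFI_CERT_SHA256_GUID:
            hashes.update(e.hex() for e in entries)
    return hashes


def is_revoked(dbx: bytes, authenticode_sha256: str) -> bool:
    """True if a boot manager's Authenticode SHA-256 (not its plain file hash) is in dbx."""
    return authenticode_sha256.lower() in revoked_sha256_hashes(dbx)


def build_signature_list(sig_type: uuid.UUID, entries: list) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST; used here only to construct sample dbx data."""
    sig_size = 16 + len(entries[0])
    body = b"".join(PLACEHOLDER_OWNER.bytes_le + e for e in entries)
    return sig_type.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, sig_size) + body
```

On a real system the dbx bytes can be read with `Get-SecureBootUEFI -Name dbx` on Windows, or on Linux from `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` after stripping its 4-byte attribute prefix. The hash to look up is the PE Authenticode hash of the boot manager image, which is what dbx stores and what firmware compares against.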
Next, with the vulnerable code in place, the attacker can install a signing key using the same MOK/Shim toolset used to enable UEFI Secure Boot on Linux. This allows boot-time persistence for a payload that alters the Windows kernel’s behavior, disabling multiple security protections (including BitLocker, Hypervisor-protected Code Integrity (HVCI), and Windows Defender). BlackLotus also establishes a covert command-and-control channel and provides the ability to download additional user-level or kernel-level payloads.
Severity and Impact
Like many boot-time attacks, the methods implemented by BlackLotus would be extremely difficult to detect with traditional cybersecurity solutions. While it is true that the attacker in this scenario already has elevated privileges on the system, they are elevating to even higher privileges in order to bypass even more security measures. This scenario could lead to increased dwell time, as your detection tools are essentially being fooled.
The overall impact is similar to what has previously been described in Eclypsium publications and research. In fact, the Eclypsium research team has a deep background in this subject, for example:
- One Bootloader to Rule Them All (you can watch the presentation and a podcast interview with Eclypsium researchers Mickey Shkatov and Jesse Michael) – In 2022 Eclypsium researchers uncovered 3 CVEs in signed bootloaders. Conceivably, attackers could have leveraged these in BlackLotus.
- Everyone Gets a Rootkit (2021) – Eclypsium researchers discovered flaws in the WPBT (Windows Platform Binary Table) that could allow an attacker with control of the UEFI firmware to install malicious code that persists through OS re-installs. While these binaries must be signed, expired certificates are accepted.
- BootHole (2020) – Vulnerabilities in Grub highlighted several challenges related to vulnerable signed UEFI bootloaders, including the revocation process.
- Screwed Drivers (2019) – Research uncovering specific vulnerable drivers, how widespread the problem is, its impact, and the challenges associated with driver block lists and revocation.
- Eclypsium researchers have presented on Secure Boot as far back as 2013 at Black Hat USA in a talk titled “A Tale of One Software Bypass of Windows 8 Secure Boot” and again in 2014 at DEF CON with “Summary of Attacks Against BIOS and Secure Boot”.
This research led Eclypsium to independently monitor these specific technical mechanisms, so that the changes made by BlackLotus are already detected by Eclypsium. Indicators of compromise are being deployed to Eclypsium customers to specifically identify these changes as the BlackLotus UEFI bootkit.
- As always, perform regular software and firmware updates and update revocation lists (where applicable).
- The January 2022 Windows updates address CVE-2022-21894, but this alone is insufficient to block the installation of BlackLotus.
- Eclypsium SaaS customers will automatically receive content updates specifically identifying the BlackLotus UEFI bootkit.
- On-premises and offline customers should install the latest content updates.
- Immediately ensure that endpoints are regularly monitored for indicators of compromise or unauthorized modifications to the boot process.
- For Eclypsium customers, establish a baseline and investigate deviations from known-good states related to bootloaders and Secure Boot.