Kaspersky Labs: "...The exact infection vector remains unknown, however, it is assumed that the infection occurs through remote access to the targeted machine..." https://usa.kaspersky.com/about/press-releases/2022_kaspersky-uncovers-third-known-firmware-bootkit
Don't hold your breath on this one. Trickbot can infect both UEFI and BIOS based systems: https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html
Enabling Secure Boot and/or adding a password to access UEFI should prevent this, according to the article.
I see in those articles some tools to monitor and protect firmware integrity in hardware, but they're for enterprises, hence quite expensive. How about, for the average home user, re-flashing the UEFI/BIOS firmware regularly? Just in case.
If you are not special (like state-targeted), I would just use Secure Boot and a BIOS/UEFI password. A firmware flash can always go wrong, and some mainboards don't have a backup BIOS. I wouldn't want to force my "flashing" luck.
Agreed. Not something I would do just as preventative security. I had a PC in the past that would fail to finish a flash. Fortunately, I was able to buy a chip that was already flashed with the correct firmware. After I paid for that and the tool to extract the old one, it still wasn't cheap, even though the entire machine would have been bricked had I not had that option.
I assume you first still need to run malware before it can infect the UEFI. So either the user needs to run it, or they can use some exploit to run the malware automatically. But if this is the case, it's not clear to me how AVs can block it from infecting the UEFI. With normal rootkits, it's enough to simply block a driver from loading.