Computer manufacturer Dell has released a new security tool for its customers in order to protect their computers from sophisticated cyberattacks that compromises the BIOS.
The new tool which has been named as ‘SafeBIOS Events & Indicators of Attack’ (IoA), is a behavior-based threat detection system that alerts users when BIOS settings of their computers experience some unusual changes.
BIOS (Basic Input Output System) is a small but highly-privileged program that handles critical operations and starts your computer before handing it over to your operating system.
It is important to protect the BIOS program because:
- Changes to the system BIOS settings would let malicious software to run during the boot process,
- When a hacker gets control of the BIOS, he can secretly control the targeted computer and gain access to the data stored on it,
- Malware in BIOS remains persistent and remains there even when you format or erase the entire hard drive,
- It is hard to detect the attacks against the BIOS as they are invisible to antivirus and other security software installed on the system,
- With stealth access to one of the compromised systems in an enterprise IT network, attackers could move laterally throughout the infrastructure.
Dell states that the controls offered by SafeBIOS can quickly mitigate the risk of BIOS tampering by letting the user known it on time allowing them to quarantine infected PCs.
David Konetski, VP Client Solutions Group CTO at Dell stated in a blog that the organizations must have the ability to detect when a malicious actor is on the move, altering BIOS configurations on endpoints as part of a larger attack strategy. Now SafeBIOS provides this unique ability to produce Indicators of Attack on BIOS configurations, including changes and events that can signal an exploit.
When BIOS configuration changes are detected that indicate a potential attack, security and IT teams are alerted in their management consoles, letting them do isolation and remediation. SafeBIOS Events & IoA provides IT teams the visibility into BIOS configuration changes and analyzes these for potential threats – even during an ongoing attack.
Dell says that the SafeBIOS Events and Indicators of Attack tool is currently available for their commercial PCs through its Dell Trusted Devices solution.