We are talking about “iron” as a boot set – methods of infecting computers at the hardware level. This is a program and non-scripting vulnerability, these are settings at the computer device level, so dealing with them is extremely difficult.
For computers manufactured before 2020, 69% of viruses are boot kits only. Most viruses discovered by Positive Technologies experts were developed for an outdated and insecure BIOS. The problem is that many companies are not able to quickly update computers that are “recommended to use the BIOS by default”. Although Intel has stopped supporting this pre-installed software in 2020.
At the same time, bootkits are dangerous not only for old computers, but also for new computers using UEFI. According to the US National Vulnerability Base, 18 such vulnerabilities were discovered for new software in 2021, but there were only 5 of them in 2019. The first known boot set specifically for new devices was developed in 2017.
“Among the boot sets we analyzed, most were developed for an outdated and insecure BIOS. Intel stopped supporting this software in 2020, but some companies are unable to quickly update their IT infrastructure where it is recommended to use the BIOS by default,” explained the Positive Technologies research group. an analyst Yana Yurakova.