Eliminating MITRE Attacks with Confidential Computing - T1542: Pre-OS Boot

Published on
Aug 29, 2022
How do I protect against MITRE attack T1542: Pre-OS Boot? You use Anjuna and Confidential Computing to separate applications from the operating system.
https://www.anjuna.io/blog/anjuna-eliminates-mitre-attack-t1542

In a recently published white paper, Anjuna Security analyzed the complete MITRE attack matrix and found 77 MITRE attacks that Confidential Computing can instantly eliminate. In this series of blogs, we will cover in detail the top five critical attacks and address how Confidential Computing implemented using Anjuna software can abolish these attacks forever!

MITRE Attack T1542: Pre-OS Boot

A chart with five columns related to cybersecurity: "Attack" describes a boot sequence modification giving boot-level access. "Public Attack Examples" lists known numerous attacks. "How Confidential Computing stops the Attack" explains Anjuna's protection by creating an isolated environment with hardware. "References" inquire about boot sector viruses. "MITRE Ref" mentions the BootHole Grub bootloader bug allowing malware in Linux, Windows.

The fifth and last MITRE attack we cover in this series is T1542: Pre-OS Boot. In this attack, an adversary attempts to hijack a system and establish a foothold by tampering with the system between hardware initialization and the loading of the operating system (OS), a window known as the boot process. During the boot process, various startup components, such as the BIOS (Basic Input/Output System) and the Unified Extensible Firmware Interface (UEFI), are loaded before the OS; this level provides a perfect cover for malware to hide, making it possible to avoid detection by host software-based defenses. Bootkits are widely available on the black market and used extensively by cybercriminals to infect systems. A vulnerability dubbed "BootHole", recently discovered by Eclypsium researchers, enables this attack technique. It is estimated that BootHole can affect most modern systems today, including laptops, desktops, servers, network appliances, and other special-purpose equipment used in healthcare, financial, and other industries.

How to Protect Against T1542: Pre-OS Boot

Anjuna Confidential Computing software creates isolated hardware-secured environments that separate applications from the operating system, thereby removing the OS vulnerability.


How is this possible? Confidential Computing technology, created by chip manufacturers (including Intel and AMD) and now offered as a service by cloud providers such as AWS and Microsoft Azure, allows you to protect sensitive workloads at the hardware level. This trusted execution environment (TEE) removes the vulnerabilities brought on by the operating system because application code and data are isolated from the rest of the machine. Communication between your instance and your application is accomplished through a secure local channel. A user with root privileges or an admin user on the instance will not be able to access the secure environment, so the application is separated from the machine's OS and protected.


Learn More About Other Attacks!

If you missed our previous blog that details how Anjuna provides a solution against MITRE attack T1203: Exploitation for Client Execution, you can access that below.

Anjuna Protects Against T1203: Exploitation for Client Execution

To learn more about the other 76 attacks that Anjuna software protects against and how you can instantly adopt security by default across your entire environment, take a look at our MITRE white paper below!

Eliminate 77 MITRE Attacks With Anjuna
