What You Need to Know About Fending Off the Latest Cyberthreat: ‘LogoFAIL’

The latest high-profile cyber intrusion threatens most PCs, endangering businesses of all sizes. Worse, it can be set off by a surprisingly normal action.

BY KIT EATON @KITEATON

DEC 8, 2023

Researchers this week disclosed a serious new cybersecurity threat that could affect nearly every PC device, including those made and sold by industry leaders.

And what simple mistake puts your PC at risk from this new threat? Just pushing its “on” button.

The new threat, dubbed LogoFAIL, seems much more insidious than familiar cybersecurity problems that come from clicking on a link in a questionable email, or downloading unapproved software onto your company PC. That’s because LogoFAIL can quietly start worming its way into your computer’s vulnerable systems and sensitive files in the brief moments after the machine is turned on.

This trick by LogoFAIL means the PC hasn’t had time to load a full operating system with all its built-in protections, let alone any antivirus or cybersecurity software typically used to defend against hacking threats. Having a virus activate in this small window of time is worrying from a security perspective, since there may be few limits to what it can do. All the familiar problems that hacking can cause could follow: Hackers could try installing additional viruses, activating spyware, stealing data, or locking out users from their systems and charging a ransom to regain access.

It’s well documented that many enterprises rely on out-of-date hardware and software to run their business, or are slow to fix vulnerabilities and apply updated antivirus systems. How often have you ignored that “update your PC now!” alert, not knowing that it includes critically important software fixes to prevent cyberattacks?

A report released in October showed that by then the year-to-date total of detected data breaches and leaks had already risen above 2022’s figures, indicating that security breaches are a growing problem. In terms of large-scale attacks, in June a global cyberattack hit federal systems, and was blamed on a Russian ransomware gang that calls itself Clop. In November, the world’s largest bank was hit by a ransomware attack. 

It’s not just governments and large corporations with vast troves of valuable data that are vulnerable to attacks. Small businesses may face even greater threats, since their limited manpower means small IT teams or outsourced IT providers may be the only line of defense. Many businesses do little more than check their often inadequate firewall and security software on individual computers. Recent data from Verizon’s 2023 Data Breach Investigations Report shows that small enterprises experience the greatest number of data breaches. 

Binarly, the cybersecurity company that revealed the LogoFAIL threat this week at the Black Hat security conference in London, says it affects x86 and ARM computers, which includes most popular Windows and Linux systems.

LogoFAIL targets software from the main vendors of UEFI BIOS software. This is the software that runs when you first turn on a PC: that flash of code that races across the screen after you press the power button, often partnered with a basic graphic image or logo. A hacker who gains access to this boot-up graphic’s image file via cybersecurity gaps or loopholes in a network could add malicious code that then is blithely run as part of the normal PC startup process.

So should you simply refrain from switching on your company laptop, to avoid the LogoFAIL threat?

Not at all. It’s worth remembering that LogoFAIL is merely the latest high-profile security threat, and vendors have already begun to respond to the new problem. Computer users and IT teams are advised to keep an eye out for UEFI security updates and patches that fix the loophole the new hack takes advantage of.

This alert is a reminder that even if you’re busy running a small or midsize business, hackers are interested in your IT system. To avoid problems, do regular basic security checks like keeping software and operating systems up to date, advising employees to be cyberthreat savvy, and regularly refreshing passwords. The Small Business Administration even has a website with tips, and the Cybersecurity and Infrastructure Security Agency and FBI have released more technical advice. Although it’s tailored to an earlier hack linked to the widely used MOVEit file transfer system, it still includes solid recommendations.
