July 17, 2024
1 Solar System Way, Planet Earth, USA
Computer Hardware

MSI users are at risk of unauthorized BIOS and firmware updates!

MSI users are at risk of receiving fraudulent BIOS and firmware updates after hackers got hold of their source codes, private keys and BIOS firmware!

MSI Suffers Ransomware Attack and Data Theft!

On April 7, 2023, MSI (Micro-Star International) fell victim to a ransomware attack, in which hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys, and other data from its servers.

In its concise form regulatory document To the Taiwan Stock Exchange (TWSE), MSI admitted it was hacked, but did not detail the circumstances or nature of the attack.

After detecting that some computer systems were being attacked by hackers, MSI's IT department has put in place an information security defense mechanism and recovery procedures. The company has also reported the anomaly to the relevant government authorities.

MSI claimed the attack had “(No) significant impact on our business in financial and operational terms currently“, but he said it was “improve the information security control measures of your network and infrastructure to ensure data security.

in a public statementMSI also urged users to obtain firmware/BIOS updates only from its official website and refrain from using other sources.

Read more : MSI Suffers $4 Million Ransomware Attack, Data Theft!

MSI Suffers $4 Million Ransomware Attack, Data Theft!

Stolen data exposes MSI users to fraudulent BIOS and firmware updates!

The MSI ransomware attack and data theft appear to have been carried out by the Money Message ransomware gang, which has threatened to release the 1.5 terabytes of critical data it exfiltrated from MSI servers.

While MSI has apparently restored the files encrypted by the ransomware, the exposure of the private keys and source codes will likely allow Money Message or other threat actors to develop fraudulent BIOS or firmware updates.

Installing unauthorized BIOS or firmware updates will grant the malware the access level of a super-low-level rootkit, giving it full control over your computer and the ability to spy on almost everything you do. This malware will also be extremely difficult to detect and remove. After all, it is launched before The operating system!

Nowadays, fraudulent BIOS or firmware updates are much less of a problem because they are usually digitally signed by the vendor, MSI in this case. Even if threat actors distribute trojanized downloads for MSI users, they cannot create the proper digital signatures for those files.

However, now that MSI's private keys have been stolen, they can be used to create fake BIOS or firmware updates with authentic digital signatures! MSI users who download and install those updates will never know the difference.

Recommended : Can Approve New Participant Block WhatsApp Hackers?

Warning about Money Message MSI ransomware

The biggest risk right now is being run by PC hardware enthusiasts who enjoy installing unofficial firmware updates to gain access to special configurations. This is precisely why MSI urges its users to download files only from its official website.

Of course, this assumes that the MSI download servers are safe and have not been compromised. If threat actors have access to MSI download servers, they can insert trojanized downloads with appropriate signatures, and MSI system administrators may not be aware of it!

Hopefully this incident will force MSI to take a closer look at its cybersecurity measures and conduct penetration tests to ensure its download servers are secure. Otherwise, some threat actors are likely to take advantage of MSI users.

Please support my work!

Support my work via bank transfer/paypal/credit card!

Name: Adrian Wong
Wire transfer : CIMB7064555917 (Swift code: CIBBMYKL)
Credit Card / Paypal: https://paypal.me/techarp

Dr. Adrian Wong has been writing about technology and science since 1997, and even published a book with Prentice Hall called Breaking the BIOS barrier (ISBN 978-0131455368) While I was in medical school.

He continues to devote countless hours each day to writing about technology, medicine and science, in his quest for facts in a post-truth world.

Recommended reading

Back to > Business | Computer | ARP Technology

Support Tech ARP!

Please support us with Visiting our sponsorsparticipating in the ARP Technology Forumseither donating to our fund. Thank you!

    Leave feedback about this

    • Quality
    • Price
    • Service

    PROS

    +
    Add Field

    CONS

    +
    Add Field
    Choose Image
    Choose Video
    X