July 8, 2024

MSI users are at risk of unauthorized BIOS and firmware updates!

MSI users are at risk of receiving fraudulent BIOS and firmware updates after hackers got hold of the company's source code, private keys and BIOS firmware!

MSI Suffers Ransomware Attack and Data Theft!

On April 7, 2023, MSI (Micro-Star International) fell victim to a ransomware attack, in which hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys, and other data from its servers.

In its brief regulatory filing to the Taiwan Stock Exchange (TWSE), MSI admitted it was hacked, but did not detail the circumstances or nature of the attack.

After detecting that some computer systems were being attacked by hackers, MSI's IT department has put in place an information security defense mechanism and recovery procedures. The company has also reported the anomaly to the relevant government authorities.

MSI claimed the attack had “(no) significant impact on our business in financial and operational terms currently”, but said it was improving the information security control measures of its network and infrastructure to ensure data security.

In a public statement, MSI also urged users to obtain firmware/BIOS updates only from its official website and refrain from using other sources.


Stolen data exposes MSI users to fraudulent BIOS and firmware updates!

The MSI ransomware attack and data theft appear to have been carried out by the Money Message ransomware gang, which has threatened to release the 1.5 terabytes of critical data it exfiltrated from MSI servers.

While MSI has apparently restored the files encrypted by the ransomware, the exposure of the private keys and source codes will likely allow Money Message or other threat actors to develop fraudulent BIOS or firmware updates.

Installing a fraudulent BIOS or firmware update gives the malware in it the access level of a very low-level rootkit, with full control over your computer and the ability to spy on almost everything you do. This malware will also be extremely difficult to detect and remove. After all, it is launched before the operating system!

Nowadays, fraudulent BIOS or firmware updates are much less of a problem because genuine updates are usually digitally signed by the vendor, MSI in this case. Even if threat actors distribute trojanized downloads for MSI users, they cannot create the proper digital signatures for those files.

However, now that MSI's private keys have been stolen, they can be used to create fake BIOS or firmware updates with authentic digital signatures! MSI users who download and install those updates will never know the difference.
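The point of the two paragraphs above, as an added example that is not from the article or from MSI: a toy textbook RSA signature check showing that a tampered image fails verification without the private key, passes once the key is stolen, and is only stopped if the updater refuses the compromised key. The key sizes, sample images, the `check_update` policy and the revocation list are all assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA (no padding, small modulus) so this runs on the standard
# library alone. Constructed for illustration; not a real signing scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537       # two Mersenne primes, public exponent
N = P * Q                                    # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))            # vendor private exponent (the stolen secret)
VENDOR_PUB = (N, E)

def digest(image: bytes, n: int) -> int:
    """SHA-256 of the image, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image: bytes, d: int, n: int) -> int:
    """Whoever holds d can produce this value, vendor or thief alike."""
    return pow(digest(image, n), d, n)

def fingerprint(pub) -> str:
    """Stable identifier for a public key, used in the revocation list."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

def check_update(image: bytes, sig: int, pub, revoked=frozenset()) -> str:
    """Hypothetical updater policy: revocation first, then signature."""
    n, e = pub
    if fingerprint(pub) in revoked:
        return "rejected: signing key revoked"
    if pow(sig, e, n) != digest(image, n):
        return "rejected: bad signature"
    return "accepted"

def demo() -> dict:
    genuine = b"firmware 1.0 (constructed sample)"
    trojan = b"firmware 1.0 + implant (constructed sample)"
    revoked = frozenset({fingerprint(VENDOR_PUB)})
    return {
        # Before the leak: a modified image cannot reuse the genuine signature.
        "tampered_no_key": check_update(trojan, sign(genuine, D, N), VENDOR_PUB),
        # After the leak: the same image signed with the stolen key verifies.
        "tampered_leaked_key": check_update(trojan, sign(trojan, D, N), VENDOR_PUB),
        # Revoking the key stops it, and also stops older genuine images.
        "tampered_after_revocation": check_update(trojan, sign(trojan, D, N), VENDOR_PUB, revoked),
        "genuine_after_revocation": check_update(genuine, sign(genuine, D, N), VENDOR_PUB, revoked),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The last case shows the cost of revocation: images legitimately signed with the old key are rejected too, so they must be re-signed with a new key before the old one is distrusted.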


Warning about Money Message MSI ransomware

The biggest risk right now is borne by PC hardware enthusiasts who enjoy installing unofficial firmware updates to gain access to special configurations. This is precisely why MSI urges its users to download files only from its official website.

Of course, this assumes that the MSI download servers are safe and have not been compromised. If threat actors have access to MSI download servers, they can insert trojanized downloads with appropriate signatures, and MSI system administrators may not be aware of it!

Hopefully this incident will force MSI to take a closer look at its cybersecurity measures and conduct penetration tests to ensure its download servers are secure. Otherwise, some threat actors are likely to take advantage of MSI users.


Dr. Adrian Wong has been writing about technology and science since 1997, and even published a book with Prentice Hall called Breaking the BIOS barrier (ISBN 978-0131455368) while he was in medical school.

He continues to devote countless hours each day to writing about technology, medicine and science, in his quest for facts in a post-truth world.
