Security researchers have discovered private keys for MSI products and for Intel Boot Guard circulating in the wild. Attackers could use the keys to sign malware so that it appears to be legitimate MSI firmware. The leak could also allow bad actors to bypass Intel Boot Guard, a vital security check performed when a PC first boots.
According to Binarly researchers, the leaked keys affect dozens of systems from a variety of manufacturers, including Intel, Lenovo, Supermicro, and others. A complete list can be found in the group’s GitHub repository. Binarly announced on Twitter that it will look for specific examples of compromised firmware in order to alert consumers to what to avoid.
Downloading directly from MSI’s website is the safest approach for upgrading any impacted devices. Users should be wary of emails and other messages purporting to come from MSI.
When searching for MSI, be cautious, because attackers may manipulate Google’s search rankings to spread fraudulent firmware through bogus websites. Checking URLs for anomalies is always a smart idea. For trustworthy links, a company’s official Twitter account or Wikipedia page is usually a more reliable source than a search result. Malware signed with the leaked MSI keys can readily evade antivirus and other security tools, which makes attacks delivered through such channels potentially more hazardous than usual.
Last month, hackers launched a major cyberattack against MSI. While the company did not acknowledge that it was ransomware, the incident was most likely the work of the ransomware gang Money Message. Money Message stated that after penetrating MSI’s systems, it extracted around 1.5 gigabytes of data, including signing keys, source code, and private communications. After MSI declined to pay the group’s $4 million ransom, the gang appears to have followed through on its threat to publish the stolen material.
The attack against MSI is simply the latest in a long line of cybercrimes. Western Digital only vaguely stated that hackers stole some of its customers’ data. A ransomware attack in February knocked the US Marshals Service’s computer systems offline for ten weeks. Another incident forced Dallas to take down its information technology services, disrupting the 911 dispatch system, the county police website, and jury trials.