News MSI Confirms Cyberattack, Advises Caution with Firmware

The three stages of Ransomware:

1. The attackers encrypt your files and you'd better pray your incremental backup policies are working 100% so you can restore from scratch and fast.

2. The attackers threaten to publish your data if you do not pay. This is where your encryption policies matter. If your data is correctly encrypted and the encryption keys are nowhere to be found, the attackers just have blobs of encrypted data with no means to decrypt it.

3. The attackers threaten third parties thanks to the data that was extracted from the breach on your servers. If the attackers are truthful in this particular case when stating "...Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios..." you'd better pray you have the correct policies for compromised-key revocation.

Ransomware pays less and less and the attackers are now aggressive in stages 2 and 3.
 
So, any thoughts on potential consequences for MSI users? Provided that I always double-check where I download my BIOS from anyway and have already changed my MSI account password, just in case?
 
So, any thoughts on potential consequences for MSI users? Provided that I always double-check where I download my BIOS from anyway and have already changed my MSI account password, just in case?

At this point, this is unclear. MSI just published ass-covering responses so far.

If the attackers were truthful when they stated "...also we have private keys able to sign BIOS files..." then MSI should probably create new signing keys. What is not clear is whether there will be a mechanism to reject the old keys and accept the new keys on a client computer. If the BIOS installation is a Windows GUI installer, revoking the compromised keys should be possible via the Microsoft revocation when checking the installer signature(s). Just wait for more news from MSI. By now, they should know if the signing keys were actually stolen or not.

In any case, you are probably fine by only downloading BIOS updates from their site.
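The two points raised in this thread (a stolen signing key produces signatures that verify exactly like genuine ones until the key is revoked, and a client needs a way to reject the old key and accept a new one that the thief cannot forge) as an added worked example in Go. This is not code from the thread, from MSI, or from any real BIOS updater: it is a hypothetical client-side trust store with constructed sample modules, Ed25519 standing in for whatever the real signing scheme is, and an assumed offline root key that is the only key allowed to authorise a rotation. Real UEFI Secure Boot keeps analogous allow and deny lists (db and dbx); how MSI's own update path handles this is, as the post above says, unclear.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyID is the hex SHA-256 fingerprint of a public key; the deny list is keyed by it.
type KeyID string

func fingerprint(pub ed25519.PublicKey) KeyID { return KeyID(fmt.Sprintf("%x", sha256.Sum256(pub))) }

// TrustStore is the hypothetical client-side state of a firmware updater:
// an offline root key that authorises rotations, trusted signing keys, and a deny list.
type TrustStore struct {
	Root    ed25519.PublicKey
	Signers map[KeyID]ed25519.PublicKey
	Revoked map[KeyID]bool
}

// SignedModule is a constructed stand-in for a signed BIOS module.
type SignedModule struct {
	Payload, Signature []byte
	SignerID           KeyID
}

var ErrRevokedSigner = errors.New("signer key has been revoked")
var ErrUntrusted = errors.New("signature invalid or from an unknown key")

// VerifyModule checks the deny list first: a valid signature from a revoked key
// is exactly what a leaked key produces, so validity alone proves nothing.
func (ts *TrustStore) VerifyModule(m SignedModule) error {
	if ts.Revoked[m.SignerID] {
		return ErrRevokedSigner
	}
	if pub, ok := ts.Signers[m.SignerID]; !ok || !ed25519.Verify(pub, m.Payload, m.Signature) {
		return ErrUntrusted
	}
	return nil
}

// Rotation says "stop trusting Revoke, start trusting NewSigner". It must carry a
// root-key signature, which whoever stole the module-signing key does not hold.
type Rotation struct {
	Revoke    KeyID
	NewSigner ed25519.PublicKey
	Signature []byte
}

func rotationMessage(r Rotation) []byte {
	return append([]byte("rotate:"+string(r.Revoke)+":"), r.NewSigner...)
}

func (ts *TrustStore) ApplyRotation(r Rotation) error {
	if !ed25519.Verify(ts.Root, rotationMessage(r), r.Signature) {
		return ErrUntrusted
	}
	delete(ts.Signers, r.Revoke)
	ts.Revoked[r.Revoke] = true
	ts.Signers[fingerprint(r.NewSigner)] = r.NewSigner
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func sign(priv ed25519.PrivateKey, id KeyID, payload string) SignedModule {
	return SignedModule{Payload: []byte(payload), SignerID: id, Signature: ed25519.Sign(priv, []byte(payload))}
}

// ScenarioResult holds the verdict of each step; nil means "accepted".
type ScenarioResult struct{ BeforeRotation, LeakedKeyForgery, ForgedRotation, AfterRotationOld, AfterRotationNew error }

// Scenario plays the thread's situation through with freshly generated keys.
func Scenario() ScenarioResult {
	rootPub, rootPriv := mustKey()
	oldPub, oldPriv := mustKey() // the key presumed leaked
	newPub, newPriv := mustKey() // its replacement
	oldID := fingerprint(oldPub)
	ts := &TrustStore{Root: rootPub, Revoked: map[KeyID]bool{}, Signers: map[KeyID]ed25519.PublicKey{oldID: oldPub}}
	genuine := sign(oldPriv, oldID, "vendor BIOS module v1 (constructed sample)")
	malicious := sign(oldPriv, oldID, "attacker module, leaked key (constructed sample)")
	var res ScenarioResult
	res.BeforeRotation = ts.VerifyModule(genuine)
	res.LeakedKeyForgery = ts.VerifyModule(malicious) // accepted: nothing distinguishes it yet
	forged := Rotation{Revoke: oldID, NewSigner: oldPub}
	forged.Signature = ed25519.Sign(oldPriv, rotationMessage(forged)) // leaked key, not the root
	res.ForgedRotation = ts.ApplyRotation(forged)
	rot := Rotation{Revoke: oldID, NewSigner: newPub}
	rot.Signature = ed25519.Sign(rootPriv, rotationMessage(rot))
	if err := ts.ApplyRotation(rot); err != nil {
		panic(err)
	}
	res.AfterRotationOld = ts.VerifyModule(malicious)
	res.AfterRotationNew = ts.VerifyModule(sign(newPriv, fingerprint(newPub), "vendor BIOS module v2 (constructed sample)"))
	return res
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

`go run` prints the five verdicts. The pair worth looking at is LeakedKeyForgery (accepted) before the rotation and AfterRotationOld (rejected as revoked) after it: until the client has learned about the revocation, the attacker's module is cryptographically indistinguishable from a vendor one. The rotation itself only works because it is signed by a key the attacker does not hold; a rotation message that the leaked key could sign would let the thief revoke the vendor's keys instead. Downloading only from the vendor's site, as suggested above, protects against the distribution channel being spoofed, not against a module that was signed with the stolen key and planted elsewhere.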
 
If the BIOS installation is a Windows GUI installer
Tbh I have never seen a BIOS update mechanism that would work like that.
Probably if the keys were indeed compromised, we can expect some MSI site clones popping up and malicious ads being used to promote them... Bookmarks and password managers to the rescue 🛟
 
Oh boy, this is a bad day for MSI, and much worse for their clients.

To be honest, I'd steer away from their downloads for a while, until they've been shown to revoke their in-the-wild certificates.

If they don't, just don't get anything from them, and make sure to keep opening tickets with them.