Tag Archive for: computers

Intel Boot Guard private keys have reportedly leaked, compromising the security of many computers


It seems like every other day there are scumbags out there perpetrating a new hack, taking advantage of a vulnerability or trying to extort people with ransomware. MSI is the latest victim, with hackers leaking material stolen from a breach of MSI’s systems last month.

This one has the potential to be serious. According to tweets by Alex Matrosov, the founder of Binarly, at least some of the previously stolen 1.5TB of data has been leaked. The data includes private keys, some of which appear to be Intel Boot Guard keys. The leak of such keys doesn’t just affect MSI systems, but those from other vendors too, including Lenovo and Supermicro.


California county paid $1.1 million ransom to hacker of Sheriff’s Department computers


San Bernardino County acknowledged this week that it has paid a $1.1 million ransom to a hacker who uploaded malware to the Sheriff’s Department’s computer system.

In a ransomware attack, a criminal enters a system and encrypts the data, leaving the owner unable to access it. If a ransom is paid, usually in cryptocurrency, the criminal will provide a decryption key to unlock the data.

For weeks, the county said little publicly about the hack, other than to call it a “network disruption.”

David Wert, a county spokesman, said the county had anticipated such a computer invasion and had taken out insurance. He said that of the $1.1 million payout, the county’s share was $511,852 and that the insurance company paid the rest.

Sheriff Shannon Dicus said Wednesday that the cyberattack did not compromise public safety but workarounds were required for certain tasks. For instance, he said, deputies could not access the California Law Enforcement Telecommunications System, which can tell deputies when a person is wanted for crimes elsewhere in the country. So deputies would request other agencies check the CLETS records.

It was unclear Thursday whether any information was stolen. The department is still going through its systems to learn what has been affected. Those that have been determined to be safe and functioning are being turned back on, said Mara Rodriguez, a sheriff’s spokeswoman.

No other county department computer systems were affected, Wert said.

Chuck Brooks and some other cybersecurity experts say paying a ransom is a bad precedent.

“Generally, businesses should not pay for ransomware as they will likely be hit over and over again as it will be shared and sold by criminal hackers on the dark web,” Brooks said in an email on Thursday, May 4.

Brooks, in a story he wrote that appeared in Forbes magazine, said ransomware has been around since the late 1980s and “it has become a trending and more dangerous cybersecurity threat.”

Wert said there was a discussion about whether to pay but declined to elaborate beyond this statement:

“The decision whether to render payment was the subject of careful consideration,” Wert said. “On balance, and…


Google wins court order against Pakistani gang accused of infecting computers with botnet


This court order doesn’t just apply to domain name registrars or hosting providers but covers blocking network traffic



Google has won a court order to force ISPs to filter botnet traffic. A US court recently unsealed a restraining order against a cybercriminal gang operating out of Pakistan that came on the back of a formal legal complaint from Google.

The tech giant reportedly collected evidence about the cybergang and accused it of ripping off Google product names, icons, and trademarks to push their malware distribution service. According to the report, the allegations also include running “pay-per-install” services for alleged software bundles that deliberately injected malware onto victims’ computers and operating a botnet to steal, collect, and collate personal data from hundreds of thousands of victims in the US.

Loosely known as CryptBot, the cybergang is alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and other personally identifiable information.

“The Defendants are responsible for distributing a botnet that has infected approximately 672,220 CryptBot victim devices in the US in the last year. At any moment, the botnet’s extraordinary computing power could be harnessed for other criminal schemes,” the court order said.

“Defendants could, for example, enable large ransomware or distributed denial-of-service attacks on legitimate businesses and other targets. Defendants could themselves perpetrate such a harmful attack, or they could sell access to the botnet to a third party for that purpose,” it added.

The defendant group didn’t show up in court to argue their case. The court favoured a temporary restraining order and said that the criminal enterprise is defrauding users and injuring Google. It also authorised Google to identify network providers…
