Attackers could get “superuser” status on millions of computers due to old Gigabyte ransomware leak

Data stolen in a two-year-old ransomware attack against Gigabyte could leave millions of servers worldwide exposed to serious security flaws and endanger millions more computer users, ArsTechnica reports.
In 2021, attackers made off with 112GB of Gigabyte’s data, which included confidential information from its supply chain partners, including AMD and Intel.
The two vulnerabilities in question reside in the American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) firmware and were recently discovered and reported by Eclypsium Research.
BMCs are effectively tiny computers with the ability to carry out “lights out” system management.
Providing full remote management of large fleets of computers, they can reinstall operating systems, install and remove apps, and control nearly every function of the connected computers — even when those computers are turned off.
Eclypsium warned that the vulnerabilities could allow malicious actors to do all of the above.
That would naturally enable them to deploy malware or ransomware remotely, implant firmware, or brick motherboard components.
Furthermore, they could potentially cause physical damage to servers through over-voltage or firmware bricking, and endless reboot loops that a victim organisation cannot interrupt.
“Lights out, indeed,” Eclypsium cautioned.
The firm said the fact that the threat actors had access to the same source code used in its research would make it a straightforward exercise to find these and other vulnerabilities.
“Of note, too, BMC firmware images can also be decompiled to sufficiently reveal the same vulnerabilities discovered in this research, even without direct access to source code,” Eclypsium said.
Eclypsium notified AMI of the vulnerabilities before publishing its findings.
AMI created firmware patches to address the flaws, and customers must install them to ensure they are protected.