Analyzing Your Risk From the MSI Breach
Over the past several weeks, Eclypsium researchers have been closely monitoring an incident involving Micro-Star International (MSI) and a likely breach of sensitive product data. MSI has provided few details publicly. However, information obtained by Eclypsium researchers indicates that a new ransomware operator known as Money Message has likely stolen 1.5TB of data including MSI source code, the BIOS development framework, and private keys needed to sign modules.
This means that not only is MSI at risk, but these risks are greatly magnified by the critical role that MSI plays in the global technology supply chain.
Please check for subsequent posts as more information becomes available.
Status Update for April 21, 2023:
Eclypsium has completed analysis of 230,000 MSI firmware binaries. The analysis was designed to discover techniques used by firmware-based malware over the last 8 years. At the time of writing, no evidence of malicious implants was discovered in the official update images from msi.com. More details are in part 2 of this blog.
April 19, 2023 Updates
- We have completed deep binary analysis methods over the entire dataset of MSI updates (over 230,000 binaries). These methods cover techniques used by UEFI malware over the past 8 years. As of the time of writing, no evidence of malicious implants was discovered in official update images from msi.com.
- As we discovered in 2018, MSI firmware updates were not signed. We have re-confirmed this analysis and also discovered that firmware updates for the Embedded Controller are not signed either. This simply reinforces the issues discussed below.
We have organized this blog into the following sections, and you can jump to our recommended actions using the links below:
OVERVIEW OF THE SITUATION
Sources close to the matter originally observed chats between MSI and a new ransomware group known as Money Message. Knowing Eclypsium’s expertise, the researcher reached out to notify us on March 27th, and we have been tracking the situation since.
This is a serious event for several reasons. Attackers will be able to develop malicious UEFI firmware, insert backdoors into source code, or compromise infrastructure used by many people around the world. As anyone who has followed our research over the years will know, malicious firmware is probably the most high-impact threat to affect a physical device – allowing the attacker to control everything on the device, and if desired, completely destroy the device. Similar attacks from the past include SolarWinds, ShadowHammer, and NotPetya.
MSI bills itself as “the world leader in motherboard design”, and is easily one of the top motherboard manufacturers in the industry, providing motherboards used in millions of laptops and servers. This is an important point because while MSI computers are quite popular with gamers, their motherboards can be found in many other environments like enterprise workstations and cloud data centers.
Armed with the ability to develop and install seemingly valid MSI system firmware, there are several scenarios that attackers can use to deliver malicious UEFI images.
- Malicious updates – By using the private signing keys, attackers can produce malicious updates that appear to be valid. Downstream victims (customers) would be unlikely to detect such tampering.
- Compromise source code – Attackers can implant malicious code within the MSI source code or build the system itself to insert an implant or backdoor within the compiled image. This would be akin to the supply chain attack against SolarWinds in terms of its scope and the number of potentially affected targets.
- Compromise supply chain partner – With the ability to update firmware, an attacker can replace valid firmware with a malicious image at any partner (e.g. warehouse, retailer, or distributor) that has physical access to the device. Similarly, breached infrastructure may have additional access to partner networks, enabling lateral movement.
- Delivery by malware – Malware such as Trickbot has previously targeted firmware as a way to escalate privileges on a device and maintain persistence. Likewise, the recently discovered BlackLotus UEFI implant has demonstrated the ability to evade SecureBoot protections on a device.
- Discovery of new vulnerabilities – By analyzing source code attackers can identify further vulnerabilities which can be exploited in the wild.
TECHNICAL ANALYSIS OF MSI FIRMWARE PACKAGES
Eclypsium has analyzed all the update packages publicly available from MSI, including more than
- 14,000 updates
- 3,000 models
- 230,000 UEFI binaries
The Eclypsium platform already parses these packages for analysis and connects them to risk/vulnerability information related to the upstream supply chain. We were able to confirm that about one quarter of these update packages were unmodified from earlier downloads before this incident.
Looking at when these were released, we see an uptick in the number of updates last month (March 2023). The largest release ever was in 2017, after Meltdown and Spectre shook the industry. The March 2023 uptick constitutes the second largest update delivery from MSI, and it happened right before this incident.
One way to decide if this is significant might be to examine this against the relative volume of updates we see from other OEMs during the same interval. Here’s what we see over the industry:
Since the timing is not conclusive by itself, we need deeper analysis on the content of these updates before drawing any conclusion. This is under continuing investigation.
Firmware Security and Signature Checks
Many of the firmware update applications do not have standard digital signatures. This will cause warning messages on Windows, which normalizes reduced security and discourages updating in general.
With that background, it is also interesting to find MSI updates being performed with a UEFI Shell application and script.
This usually implies that any privileged application can rewrite the critical system firmware on the corresponding device. We have written about this attack vector before, and malicious actors are looking for just this sort of vulnerability. If all of these devices lack basic protections on firmware storage, the signatures might be irrelevant to attackers, anyway.
Let’s revisit the attack scenarios from the beginning of this blog, and consider how much additional risk we anticipate the ongoing situation will introduce for MSI-based devices based on the information we have found.
- Malicious updates [little/no increased risk] – Many of the updates are not signed anyway, and that constitutes the most significant risk regardless of this ongoing situation.
- Backdoored source code [serious increased risk] – Once attackers are inside the development and release process, it can be very difficult to be sure they are gone. Right now, we’re unable to conclusively say much about what might be altered, and the changes may not have happened yet. This requires additional research.
- Compromise supply chain partner [serious increased risk] – As with the compromise of source code, it is difficult (especially from outside) to determine how an attacker has moved around the compromised environment. We will want to continue watching organizations related to MSI for unexpected changes.
- Delivery by malware [little/no increased risk] – While we don’t foresee much increased risk of firmware implants delivered by malware due to this situation, that should bring no comfort given the high level of inherent risk for the affected devices. Lack of signatures and firmware protections on so many MSI boards leaves these systems wide open to attacks that are difficult to detect without specialized tools.
- Discovery of new vulnerabilities [moderately increased risk] – Leaked source code always makes it easier to find vulnerabilities. While another leak meaningfully adds to the body of knowledge, the critical lack of firmware protections eliminates the need for additional vulnerabilities on many of these devices.
WHAT ORGANIZATIONS NEED TO DO
Given the serious risks involved, organizations need to take actions to understand their potential exposure and to protect their assets going forward. Even though Money Message has not released the source code as of the time of writing, this information is still in the hands of a threat actor and organizations should prepare accordingly. We recommend organizations take the following steps, and we will update these recommendations as more information becomes available.
- Identify All Devices With MSI Components – Organizations should closely monitor their laptops, desktops, and servers to identify all devices that contain MSI motherboards. Look for unexpected changes to firmware or behavior.
- Only Apply Firmware Updates That Are Verified to be Authentic – Until further analysis is complete, we are considering recent firmware updates from MSI to be suspect. The lack of signatures and possible compromise of key material makes verification even more difficult. A temporary approach might be to prefer older firmware releases that were downloaded before the breach or defer updates until the situation is resolved.
- Verify MSI Firmware Images Currently Running on Devices – Organizations should compare their MSI firmware to verify that it matches the valid firmware previously released by MSI. Since many of these platforms lack firmware protections, this is essential in order to detect the presence of any malicious firmware that may have already been installed.
- Monitor All MSI Firmware for Changes in Integrity – Organizations should set baselines for their MSI firmware and be alerted to any unexpected changes. Firmware code should only change during scheduled updates, and other changes would be a sign of a potential compromise.
- Monitor MSI Firmware Behavior for Anomalies – Organizations should monitor their MSI firmware for any unexpected behaviors. Firmware behavior is normally quite predictable and any changes should be investigated as a potential sign of compromise. This type of analysis is critical for detecting a supply chain attack similar to the one that targeted SolarWinds where valid code officially released by a vendor was compromised.
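One way to implement the baseline-and-compare steps above, as an added example that is not Eclypsium's platform code: it locates UEFI firmware volumes in a flash image by the `_FVH` signature of EFI_FIRMWARE_VOLUME_HEADER and hashes each volume separately, so an unexpected change can be localized to a region rather than just flagged on the whole image. The image here is constructed for the demo; in practice the input would be a SPI flash dump from a tool such as CHIPSEC, and the baseline would be stored off-device.

```python
import hashlib
import struct

FV_SIGNATURE = b"_FVH"  # EFI_FIRMWARE_VOLUME_HEADER.Signature, at header offset 40

def find_firmware_volumes(image: bytes):
    """Return (start, length) for each firmware volume found in the image.

    In EFI_FIRMWARE_VOLUME_HEADER the 64-bit FvLength field is at offset 32 and
    the '_FVH' signature at offset 40, so the volume starts 40 bytes before the
    signature and its length is read 8 bytes before the signature.
    """
    volumes = []
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - 40
        if start >= 0:
            (fv_len,) = struct.unpack_from("<Q", image, pos - 8)
            if 0 < fv_len <= len(image) - start:      # reject erased/garbage lengths
                volumes.append((start, fv_len))
                pos = image.find(FV_SIGNATURE, start + fv_len)
                continue
        pos = image.find(FV_SIGNATURE, pos + 1)       # false hit: keep scanning
    return volumes

def baseline(image: bytes) -> dict:
    """Hash the whole image and each firmware volume separately."""
    entries = {"image": hashlib.sha256(image).hexdigest()}
    for idx, (start, length) in enumerate(find_firmware_volumes(image)):
        entries[f"fv{idx}@{start:#x}"] = hashlib.sha256(image[start:start + length]).hexdigest()
    return entries

def compare(known_good: dict, current: dict) -> list:
    """Names of regions whose hash differs, or that appeared or vanished."""
    return sorted(k for k in set(known_good) | set(current) if known_good.get(k) != current.get(k))

def make_test_volume(payload: bytes) -> bytes:
    """Constructed minimal volume: 56-byte header followed by payload (test data only)."""
    total = 56 + len(payload)
    fixed = struct.pack("<IHHHBB", 0, 56, 0, 0, 0, 2)   # Attributes..Revision
    return bytes(32) + struct.pack("<Q", total) + FV_SIGNATURE + fixed + payload

# Constructed sample image: padding, two volumes, padding (not a real MSI image)
GOOD_IMAGE = (b"\xff" * 64 + make_test_volume(b"boot block " * 8)
              + b"\xff" * 32 + make_test_volume(b"dxe drivers " * 8))

def demo() -> list:
    """Flip one byte inside the second volume and report which regions changed."""
    good = baseline(GOOD_IMAGE)
    tampered = bytearray(GOOD_IMAGE)
    tampered[find_firmware_volumes(GOOD_IMAGE)[1][0] + 60] ^= 0xFF
    return compare(good, baseline(bytes(tampered)))   # -> ['fv1@0xf0', 'image']
```

Hashing per volume is what makes an alert actionable: a differing `fv1@...` points at a specific region to pull and disassemble, while an unchanged baseline during a scheduled update window is the expected result.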
Eclypsium’s Supply Chain Security Platform can automate these and many other security best practices. Non-Eclypsium customers can also consider other options such as the open-source CHIPSEC platform.
This situation remains quite fluid and our research team will continue to provide additional details and guidance as we learn more. If you have any questions, please contact the Eclypsium team at [email protected].