Another risk from Russia

Not long ago, researchers at Eclypsium got a lucky break.  An unknown and unidentified individual began leaking communications from inside the Conti ransomware organization.

These leaked communications confirmed what has long been suspected:  That there are strong ties between the Conti gang and Russia's FSB (military intelligence).

This sounds like something right out of a spy movie, but it's not.  The leaked messages indicate that several members of the Conti gang have been actively working on developing a new attack vector that specifically targets Intel firmware, allowing Conti to launch its ransomware attack.  Some of the black hat developers even got as far as to develop a working proof of concept for others to review.

 

Firmware attacks are fairly rare, but they do happen

To pull it off, the attacker would first need to access the system via a conventional in-road.  For example, a phishing email where the victim would unwittingly give the hackers access, or perhaps by exploiting some other known vulnerability.

In one particularly exotic scenario, they could even make this attack work without prior access. They can do this by leveraging Intel's Management Engine to force the target machine to reboot, then supply virtual media to draw from on the reboot.

It's unlikely and would take a tremendous amount of skill, but Conti has shown in recent months that they have the expertise to pull something like that off.

Fortunately, word of the new attack vector has gotten out, the details have made their way to Intel, and Intel has updated their firmware.

 

My perspective

If you're using an Intel machine, you should grab the latest update as soon as possible.  Conti is a well-known, notorious gang with ties to Russia.  You don't want your company in their crosshairs, so do everything you can do to minimize that risk.

 

"Danger! Danger! Will Robinson"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association