Eclypsium researchers have found that the Conti ransomware group has been developing exploits that leverage Intel firmware flaws, The Register reports.
According to an Eclypsium report based on leaked Conti documents, Conti had working proof-of-concept code targeting Intel's Management Engine more than nine months ago, including code capable of identifying yet-to-be-documented vulnerabilities and commands.
Attackers could leverage such code for remote code execution, file deletion, persistence, and data exfiltration, as well as subsequent ransomware deployment, all without being detected by endpoint detection and response tools or antivirus systems. Although Intel has remediated the exploited flaws, organizations remain at elevated risk because chipset firmware is often not updated promptly.
"This can leave some of the most powerful and privileged code on a device susceptible to attack... We expect that these techniques will be used in the wild in the near future if they haven't already," said researchers.
Intel firmware vulnerabilities targeted by Conti