'Gigabyte Driver Used to Disable Antivirus Software in RobbinHood Ransomware Scheme' - Tom's

UsandThem

Elite Member
May 4, 2000
16,068
7,383
146
https://www.tomshardware.com/news/robbinhood-ransomware-gigabyte-driver-cybersecurity-malware
Gigabyte shares part of the blame for initially dismissing the vulnerability in 2018, when security researchers first reported it to the company. The public eventually put enough pressure on Gigabyte that it acknowledged the flaw.

However, instead of releasing a patch to fix the vulnerability for its older motherboards, the company discontinued support for that driver. This poor judgement on Gigabyte’s part has now allowed attackers to weaponize its unpatched driver.

Another party responsible, Sophos said, is Verisign. Two years after Gigabyte discontinued its driver, it's still “trusted” by the Windows OS and many antivirus programs by default due to Verisign failing to revoke its signing certificate. This has allowed attackers to take advantage of the trusted driver to install another unsigned driver on the victims' machines.

Pretty sloppy on Gigabyte's part, and the software side of their company is why I abandoned their products after using them for so many years. This passage from the 2018 article linked in the Tom's story really says it all when it comes to Gigabyte's viewpoint on anything outside of hardware: https://www.bleepingcomputer.com/ne...n-code-execution-vulnerabilities-pocs-galore/
The disclosure timeline in SecureAuth's advisory indicates that GIGABYTE did not address any of the issues mentioned above, despite receiving a technical description and the demo exploit code.

In May 2018, "Gigabyte Technical support team answered that Gigabyte is a hardware company and they are not specialized in software. They requested for technical details and tutorials to verify the vulnerabilities," SecureAuth discloses.

The last answer received from the hardware company dismissed the vulnerabilities completely, as "Gigabyte responded that, according to its PM and engineers, its products are not affected by the reported vulnerabilities," SecureAuth says.
 

esquared

Forum Director & Omnipotent Overlord
Forum Director
Oct 8, 2000
24,827
5,949
146
I've used a lot of Gigabyte boards in the past.
I may have to rethink that.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
Harumph. Looks like I'll be replacing my two Gigabyte AM4 boards in service, with some ASRock or Asus boards. Maybe X570-E Rog Strix from Asus, if I can pony up the big bucks, or maybe X570 Phantom Gaming 4 from ASRock, if I go the budget route. Kind of undecided right now.

Edit: I've already switched from A-Data to Team Group for my flash drive and SSD needs (well, along with Crucial and Samsung, for higher-end builds), after that SNAFU with A-Data sending the SX8100 NVMe SSD to people that ordered the SX8200 over BF and Christmas, and they ran out, and substituted an inferior drive, allegedly without permission from the customer. (They allegedly sent e-mails out, but also, allegedly, sent out the SX8100 if they didn't hear back from them.)

Edit: Gigabyte's AM4 mobo BIOS/UEFIs were always kind of poorly-done too.
 