Archive for Hacked

Independent Living Is Largest Healthcare Hack of 2023 – SO FAR

Posted in Commentary on March 17, 2023 by itnerd

On March 14th, Miami-based Independent Living Systems (ILS) disclosed a healthcare data breach that impacted more than 4 million individuals, the largest reported healthcare data breach of 2023, so far. More on the so far part later.

Hackers were in their network from June 30th to July 5, 2020, when the company discovered that its network was accessed and employee data had been exfiltrated. Here’s a snippet of what the data breach notice said.

On July 5, 2022, ILS experienced an incident involving the inaccessibility of certain computer systems on its network. ILS responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through our response efforts, ILS learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed. Upon containing the incident and reconnecting its computer systems, ILS conducted a comprehensive review to understand the scope of potentially affected information and identify the individuals to whom such information relates. ILS received the results of this review on January 17, 2023, and then worked as quickly as possible to validate the results and provide notice to potentially impacted individuals and entities. 

The types of impacted information varies by individual and could have included: name, address, date of birth, driver’s license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name, and health insurance information.  

But the part that catches my attention is this:

ILS previously notified potentially affected individuals on September 2, 2022 by posting a preliminary notice of this data event on its website. Additionally, ILS previously provided preliminary notice to its primary state and federal regulators. Now that its review and validation efforts are complete, ILS is notifying potentially affected individuals via this media release, posting supplemental notice on its website, and mailing letters to potentially affected individuals for whom ILS has address information. ILS is also providing supplemental notice to its primary state and federal regulators, initial notice to certain additional state regulators (as required), and initial notice to the three major consumer reporting agencies (i.e., Equifax, Experian, and TransUnion). 

Yeah, it took over six months to identify and notify victims. #Fail.

Tim Schultz, VP, Research & Development at SCYTHE had this to say:

   “Healthcare data – the most treasured record in the Underground Economy.

   “The healthcare industry is going to continue to be targeted by threat actors and I don’t see it stopping anytime soon. Similar to other industries where more restrictive cybersecurity controls may have a broader business impact, cybersecurity maturity lags behind. Since medical information can be leveraged in future attacks against individuals either for social engineering or extortion, the data stolen will be valuable for a long time.”

Healthcare is a huge target for threat actors as evidenced by these major breaches:

•    February, Heritage Provider Network – 3.3 million patients
•    February, Community Health Systems – 1 million patients
•    March, Cerebral – 3.1 million patients

The take home message here is that the healthcare sector needs to up its game to stop this from happening over and over again. Because with the scale of hacks that we see in this sector, there clearly isn’t enough being done to safeguard data.

Acer Gets Pwned…. But The Company Downplays Extent Of The Hack

Posted in Commentary on March 9, 2023 by itnerd

This is not a good look for computer maker Acer. The company has confirmed that they have been pwned by hackers:

Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what’s claimed to be the Taiwanese PC maker’s confidential information.

“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” an Acer spokesperson told The Register on Tuesday. “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.”

According to a Monday post on cyber crime hangout BreachForums by a rapscallion going by the name Kernelware, the “various confidential stuff” allegedly stolen from Acer totals 160GB, including 655 directories and 2,869 files.

Kernelware claimed the stolen goods included confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.

“Honestly, there’s so much shit that it’ll take me days to go through the list of what was breached lol,” Kernelware bragged. 

This data is now up for sale. But the thing is, I am not a believer that customer data is not part of that. Because LastPass said something similar when they got pwned, and we all know how that ended.

Tim Schultz, VP of Research & Engineering at SCYTHE:

   “As companies shift away from paying ransoms, threat actors are adapting by increasing their focus on IP data theft to increase the potential business impact of each compromise. In the near term, we’ll see the same playbook similar threat actors have taken upon stealing IP and attempting to monetize it.

   “A longer-term challenge for Acer is that the internal information stolen included data on tools and infrastructure that can aid future threat actors. Asset inventory is a challenge for most organizations, and policies around technology business operations can be very difficult to change quickly in the event a threat actor is able to identify a vulnerability.”

Hopefully Acer is transparent about what was and wasn’t stolen during this hack. Because until they are transparent about this, I am really thinking that they are downplaying how serious this hack is.

Play Ransomware Gang Claims Responsibility For Pwning The City Of Oakland

Posted in Commentary on March 4, 2023 by itnerd

In a Tweet last night, security researcher Dominic Alvieri posted a copy of the Play ransomware gang’s dark web posting threatening to publish the City Of Oakland’s data on 3/4/23, which is today. The posting was listed as of March 1st. So they got just three days’ notice to pay the ransom.

The city of Oakland first experienced the ransom attack on Feb 14th, and according to their latest status report on February 28th, city services remain primarily unchanged.

The gang claims to have stolen documents containing private data, including financial and government papers, identity documents, passports, employee data and information regarding human rights violations. They’re attempting to use this data to get the administration to meet their demands and pay the ransom.

Ted Miracco, CEO of Approov Mobile Security had this to say:

The recent ransomware attack on the city of Oakland is a concerning issue, and we expect to see more attacks like this on Government offices, as they are quite vulnerable. The potential implications of giving in to these demands could encourage more cyberattacks on other cities and organizations, as hackers may see it as a profitable way to extort money. The fact that the gang claims to have access to sensitive information such as financial and government papers, identity documents, passports, and employee data is alarming.  However, the city of Oakland and other organizations must prioritize the security of their computer systems and data to prevent future attacks. Hopefully, the authorities can track down and bring the hackers to justice while also ensuring the safety of the stolen data.
 

David Mitchell, Chief Technical Officer of HYAS followed up with this comment:

   “This ransomware group likes to start by using remote code execution (RCE) attacks on Exchange servers to gain access and then deploy their ransomware. If that was the case with Oakland, not only do they need a protective DNS solution to prevent the outbound communications from the malware but they may have failed to update vulnerable software on internet facing systems, making this even easier than using email as the initial infection vector. If this was an RCE on Exchange, a protective DNS solution would have quickly identified and blocked the malicious DNS transactions and contained the problem to the initial infection vector.”
 

Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:  

   “The ransom attack on the City of Oakland not only disrupted city services, but as is always the case in such events, the attackers have obtained private data, including financial and government papers, identity documents, passports, employee data, and information regarding human rights violations. Data breaches and identity theft resulting from such attacks cause significant harm to individuals and organizations alike. In this case, the attackers are using the stolen data as leverage to demand a ransom payment from the city, which could result in further financial loss and reputational damage.

   “In addition to the city services being out for a week prior to IT restoring access, the potential long-term impact of the attack on the city’s infrastructure and security cannot be ignored. For some companies, a week of downtime would be significant loss of revenue or worse yet, imagine if that was a hospital that was down for 6 days!

   “This incident underscores the importance of implementing robust cybersecurity defenses, including response and containment measures to safeguard against such attacks, as there is no end in sight to these sorts of attacks.”

I for one will be interested to see if this gang gets anything out of this, and if they follow through with their threat to release the data. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages ransomware gangs to target more victims and offers an incentive for others to get involved in this type of illegal activity. So this will be interesting to watch.

UPDATE: Darren Williams, CEO and Founder, BlackFog added this comment:

   “As cyber adversaries continue to focus on making the biggest impact by affecting the most people, it’s unsurprising that the public sector and government remains a compelling target. In 2022 for example, our State of Ransomware report observed a 17% increase in reported governmental cyber-attacks.

   “City councils and governments need to re-prioritize their cybersecurity as clearly, this isn’t an issue that will just go away. The effect of the attack on the City of Oakland last month appears to only now be setting in, as the stolen personal data of city workers have begun to be leaked by the attackers.

   “Moreover, hackers often favor weekends and holidays to launch attacks, when the majority of employees are out of office, so newer technologies that focus on automated prevention 24/7 must be added to the security stack.”

U.S. Marshals Get Pwned Rather Than Getting Their Man

Posted in Commentary on February 28, 2023 by itnerd

The U.S. Marshals Service, better known for getting their man, is now known for being pwned in a ransomware attack:

In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”

Wade said the incident occurred Feb. 17, when the Marshals Service “discovered a ransomware and data exfiltration event affecting a stand-alone USMS system.”

The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said.

He added that on Wednesday, after the agency briefed senior department officials, “those officials determined that it constitutes a major incident.”

Even if this was a stand-alone system, this is still pretty bad. At first glance it looks like this was contained. However, there was data theft, and some sensitive stuff was stolen.

Jan Lovmand, CTO of BullWall had this to say:

   “Even organizations with extensive resources and expertise fall victim to ransomware attacks. The U.S. Marshals Service (USMS) is responsible for catching fugitives and handling federal prisons in the US and has all the resources of the US government at their disposal. Not unlike the cyber attack on the FBI’s New York Field Office last week, they are a high government profile target and not immune to determined malicious hackers. 

   “In addition to the theft of highly sensitive information, these ransomware attacks can cause significant operational disruption. The U.S. Marshals Service’s system contained sensitive information, including returns from legal processes, administrative information, and PII of USMS employees and subjects of investigations. 

   “Containment and after-action strategies are crucial for all organizations to mitigate the risks associated with ransomware attacks. Organizations must have a response plan in place to contain the attack, preventing further damage, as well as a strategy for recovery and restoration of data and systems. These plans should be regularly updated and tested to ensure their effectiveness.”

This incident is pretty bad and hopefully there’s a root cause analysis to allow this agency to ensure that this never happens again.

LastPass Admit That They Have Been Pwned Yet AGAIN

Posted in Commentary on February 28, 2023 by itnerd

LastPass has notified customers of a second attack which resulted in the breach of encrypted password vaults. This second incident, resulting in the threat actor making use of information exfiltrated during the first incident to exfiltrate corporate data from cloud storage resources, was caused by one of their DevOps engineers’ personal home computers being hacked. 

Sharon Nachshony, Security Researcher at Silverfort had this to say:

   “Given the number of people who rely on LastPass it’s easy to pass quick judgment on back-to-back incidents, however, what this really shows is the difficulty of detecting attacks that use seemingly legitimate, yet stolen, credentials. By obtaining these credentials, the threat actor was able to masquerade as a highly trusted user, giving them the freedom to pivot into the cloud storage environment.

   “The corporate vaults holding privileged credentials often become a single point of failure. Given enough reconnaissance time a motivated attacker will try to understand how to compromise such vaults because, once they have such credentials, it’s like having a VIP pass to corporate resources. In the case of this attack, an additional layer of MFA to authenticate into the cloud storage environment may have provided additional protection.”

If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. The master password for the LastPass vault should also be changed. But if you’re asking me what you should do, I would suggest dumping LastPass completely on top of changing all your credentials immediately. It’s pretty clear that LastPass isn’t secure based on their recent history of being pwned, and has no path to become secure anytime soon. Thus moving your passwords off their service with urgency is your best course of action.

TELUS Has Apparently Been Pwned With Source Code & Employee Data Swiped…. Along With The Threat Of SIM Swap Attacks Surfacing

Posted in Commentary on February 26, 2023 by itnerd

Bleeping Computer is reporting that Canadian telco TELUS has apparently been pwned by hackers:

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company.

TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.

This is a concern for not only TELUS employees, but customers as well for this reason:

The seller further boasts that the stolen source code contains the company’s “sim-swap-api” that will purportedly enable adversaries to carry out SIM swap attacks.

That’s bad, as SIM swaps could lead to the takeover of any account that requires SMS two-factor authentication. Social media accounts and bank accounts are two examples of this, which makes this very bad if it is true. Now TELUS for its part had this to say:

“We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web,” a TELUS spokesperson told BleepingComputer.

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

I have to wonder if that statement will change when the full extent of this breach becomes known. But in the meantime, if you’re an employee or customer of TELUS, it would be wise to be on the lookout for phishing or scam messaging targeting you. And if you’re a TELUS customer, now might be a good time to put a PIN on your account if you don’t already have one.

Dole Getting Pwned By Ransomware Is Just Bananas

Posted in Commentary on February 24, 2023 by itnerd

Food giant Dole has disclosed that they have been hit by a ransomware attack. But only after the news hit the media. Let’s start with what Dole had to say:

Dole plc announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.

Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems. 

The company has notified law enforcement about the incident and are cooperating with their investigation.

While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.

That’s your standard PR statement that basically says “nothing to see here, move along.” Except that CNN has a slightly different story:

A cyberattack earlier this month forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN. 

The previously unreported hack — which a source familiar with the incident said was ransomware — led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits. 

“Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, said in a February 10 memo to retailers. 

Dole has four processing plants in the US and employs more than 3,000 people, according to a recent company press release.

After CNN published this story on Wednesday afternoon, Dole spokesperson William Goldfield sent CNN a statement confirming that ransomware was the cause of the incident.

“The company has notified law enforcement about the incident and are cooperating with their investigation,” Dole’s statement said in part. “While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.”

However, two grocery stores in Texas and New Mexico contacted by CNN on Wednesday said they couldn’t stock Dole salad kits on their shelves for days.

So much for “the impact to Dole operations has been limited.” This is a classic case of a company trying to keep the fact that they got pwned quiet, and then scrambling to explain getting pwned after the news gets out.

Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:

   “When ransomware attacks force giant food processing operators like Dole to shut down production, the effects can ripple through the entire economy. Threat actors have significantly accelerated their deployment of ransomware, from an average of 60 days per attack in 2019 to less than four days in 2021, according to a recent IBM report. Even for large multi-national companies such as Dole, staying on top of network vulnerabilities and updating prevention based security constantly is very difficult. You will be breached and you’d best be prepared.

   “The Dole ransom attack highlights how the just-in-time nature of food supply chains makes them particularly vulnerable to financially motivated cyberattacks, like ransomware. As production and distribution are tightly coordinated to minimize waste and cost, any disruption caused by a cyberattack can have a ripple effect throughout the supply chain, leading to shortages and inevitable price increases.

   “Should Ransomware slip through any of the multitude of potential weaknesses in small and large environments it is very important to have Ransomware Containment in place (not the same as ransomware prevention). It acts as a Last Line of Defense against “active” attacks – i.e. when encryption starts to corrupt your data as a fully automated response. It has saved many well-prepared organizations millions of dollars.”

Finally Darren Williams, CEO and Founder of BlackFog said this:

   “Similar to other devastating ransomware attacks we have seen recently these attacks are highly targeted, and existing technologies are insufficient to cope with these modern attack variants. The speed at which attackers can breach and leverage a network infrastructure is now unparalleled with the time to deployment down from 60 days to less than 4 days. Detecting and responding to these events manually is no longer feasible for an organization. Focus must be around prevention and stopping data exfiltration before any damage can be done.”

Because Dole isn’t a small food provider, I would hope that the relevant authorities are investigating this because with threat actors targeting operations like Dole, one of these attacks could result in things going very badly for millions of people.

Activision Has Been Pwned As If It Were A N00b Playing Call Of Duty

Posted in Commentary on February 22, 2023 by itnerd

It appears that video game company Activision has been pwned by hackers. And this hack is really bad. Here’s a quick synopsis:

  • Sunday 2/19 – Cybersecurity research group vx-underground Tweeted screenshots of data purportedly stolen from Activision, including a content release schedule for Call of Duty.  “Activision did not tell anyone.”
  • Monday 2/20am – Insider Gaming said it confirmed the Activision data breach after obtaining “the entirety” of the stolen data (not published by vx-underground).
  • Monday 2/20pm – Nothing to see here: “Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.” Activision confirmed to Bleeping Computer that their systems were breached through an SMS text phishing attack on an HR employee, with the attackers gaining access to their Slack on December 2 and trying to trick other employees into clicking malicious links.
  • However, Insider Gaming claims to have reviewed the entirety of the stolen data, saying the data also contained sensitive employee information, including full names, emails, phone numbers, salaries, places of work, and more.

And seeing as they are being purchased by Microsoft, this could not have come at a worse time for the company. And Activision’s response to this has been, shall we say, sub-optimal.

David Maynor, Senior Director of Threat Intelligence at Cybrary had this to say:

   “There is no one “SOP” for breaches. This timeline shows a typical public reaction to a breach. Some entity, in this case VX-Underground, notices something on a market and tells the world about it. Reporters that follow VX-Underground use it as a tip and suddenly the victim’s switchboard/email server gets loaded with requests for comment.

   “There is also the fog of war effect where different people have different parts of a puzzle and make assumptions. This leads to different hot takes contradicting each other.

   “From the trial last year of the Uber CISO, Joseph Sullivan, we know that big corps can handle breaches differently. What I can say from personal experience is that the responses to questions as well as public statements are approved by if not written by a crisis communications team. The default response is deescalate, deflect, then deny. This is why the infosec community values technically insightful Root Cause Analysis (RCA) from a victim.”

Tim Morris, Chief Security Advisor, AMER at Tanium follows up with this:

   “There is conflicting information on this one. Specifically, about what was accessed/stolen. Regardless, the initial attack vector was a social engineered phishing/smishing attack, obtaining access via SMS / 2FA. Proving once more that SMS / 2FA isn’t the most robust form of authentication and other, stronger MFA methods should be used.

   “Also, training of users is still needed. Users should treat SMS messages with the same scrutiny as email phishing scams. Be wary of phone calls from “IT Support”. Unless initiated by the user, they should be suspect. Either ignore or call back to a known number. For SMS, ignore and never give out any 2FA codes sent via text.

   “Principle of least privilege needs to be implemented, so that if/when an employee’s account credentials are stolen the “blast radius” is small, i.e. what the attacker has access to is minimized. Threat hunting, good incident response, and monitoring are key to find these intrusions quickly, and limit their reach.

   “Have a good PR plan on what to do when a breach happens. This successful attack happened two and a half months ago, and is only public now because some leaked data was published on vx-underground.”

Given the profile of Activision who makes the Call Of Duty franchise, and their relationship with Microsoft, a lot of eyes are going to be on this one. If I were Activision, I’d be working very hard to find out what happened, what was stolen, and how to stop this from happening again. Then I would put all of that out in the public domain as quickly as possible. Because right now, Activision look like a bunch of n00bs.

GoDaddy Gets Pwned…. Again…. And This Time It’s Really Bad

Posted in Commentary on February 18, 2023 by itnerd

GoDaddy is saying that it suffered a data breach where unknown attackers stole source code and installed malware on its servers. GoDaddy discovered the breach in early December of 2022 following customer reports of domains being redirected, but apparently the attackers had access to the network for multiple years. Which of course is bad. Very bad.

What’s worse is that by my count, this is the third time that GoDaddy has been pwned. The first was in 2020, the next one was a year later, and now this one. If I were a GoDaddy customer, I’d be very concerned.

Brad Hong, Customer Success Lead at Horizon3ai had this to say:

   “Beyond all the buzzwords in the breach notification, at the core, the attackers didn’t “hack” their way into GoDaddy, but rather used known compromised credentials to log in and leave vectors for reentry.

   “Supply chain management has gotten immensely more complex as any company providing any service to any internet user, especially with the increasing use of infrastructures-as-a-service, is now a part of this often omitted evaluation. This includes web hosts like GoDaddy and WordPress and picking vendors based on their security efforts, usually out of expertise for the layman.

   “This supposed multi-year advanced persistent threat actor group remained undetected for so long following remediation and mitigation measures from GoDaddy’s numerous past data breach incidents. Was it that this APT Group was that skilled or that GoDaddy’s security is that bad?

    “The call for Federal-level legislation comes from a place of frustration from the consumer-level as virtually no persons are now untouched by data breaches and the pressure continues to build in an already whistling kettle of company apologies.

   “Companies collect, digest, and even sell our data as data custodians, right up until they lose it and with little incentive or punishment for improvement, or lack thereof, consumers are going to continue to see more incidents like this and the impact will only get worse.

   “As standard, GoDaddy pushed the onus for action right back to its consumers, advising them to audit their own websites and trust GoDaddy’s security team after trust was broken, all while offering them free “Website Security Deluxe and Express Malware Removal” services instead of fortifying their own kingdom time and time again. Maybe they should’ve used it themselves?

   “Every organization takes on the responsibility of serving as a protector of data when a person does business with them and as such should continuously be validating their security controls and tools through testing, from every perspective and blast radius, and ensure blue teams are not at max capacity just playing whack-a-mole but making valiant strides to future-proof the security stack.”

I think the message here is clear. If you’re a GoDaddy customer, I would strongly consider hosting with another provider. Clearly GoDaddy has security issues that they can’t fix, and they’re leaving it to their customers to keep themselves safe. Which is a #fail all day and every day.

Supply Chain Attack Costs $250 Million

Posted in Commentary on February 17, 2023 by itnerd

Applied Materials is saying that a breach at one of its suppliers would cost them $250 million in sales in the second quarter:

In the second quarter of fiscal 2023, Applied expects net sales to be approximately $6.40 billion, plus or minus $400 million, which includes ongoing supply chain challenges and a negative estimated impact of $250 million dollars related to a cybersecurity event recently announced by one of our suppliers. Non-GAAP adjusted diluted EPS is expected to be in the range of $1.66 to $2.02.

A clue was dropped in the earnings call:

“Very recently, one of our major suppliers encountered a disruption that will impact our second-quarter shipments,”

Though not named in the announcement, the supplier is believed to be MKS Instruments of Andover, MA. MKS Instruments was hit by a cyber-attack on February 3rd. The attack caused the company to shut down operations at certain facilities while it tries to assess the damages. The company’s website was still down as of Thursday afternoon. The company has had to reschedule its fourth quarter earnings call and said the ransomware event had a material impact on its “ability to process orders, ship products and provide service to customers” in its vacuum and photonics divisions.

Here’s the connection between the two. In addition to Applied Materials, MKS supplies the world’s largest chip manufacturers with products, including Samsung Electronics and Taiwan Semiconductor Manufacturing, the world’s two largest chip makers. Intel and ASML Holding NV are also customers. Meaning that this is very, very bad for a whole lot of people.

Ted Miracco, CEO, Approov:

   “The semiconductor supply chain remains one of the most complicated and most critical supply chains that underpin the entire global economy. As we witnessed last year, interruptions in the semiconductor market can have long term consequences that impact everything from automobiles to the price of food. 

   “With the ongoing “Chip War” between the US and China, we should expect more disruptions like this in the future, and quarterly earnings should be the least of our concerns. These attacks on the semiconductor supply chain deserve a lot more attention than the latest balloon incidents.”


Monti Knode, Director of Customer Success, Horizon3.ai:   

   “It’s interesting that MKS called out “had a material impact”, almost like they had to announce and clarify that a cyberspace attack could and did have a tangible outcome. We’re seeing this realization more in both public and private industry, especially in our Department of Defense which viewed as cross-domain operations; Russia has been doing this for years, and now the world is seeing it live in Ukraine and even here in the US (ref https://www.mirror.co.uk/news/us-news/breaking-russian-hackers-target-hospitals-29053567).

   “The days of presuming this to be an IT or cybersecurity problem are long gone.”

This is a clear example of what a supply chain attack can do to you if you and your partners aren’t careful. Thus you and those you work with have to make sure you’re on the same page from a cybersecurity standpoint. Otherwise, this is the sort of thing that can happen to you.