A recent ransomware attack on Applied Materials will reportedly cost the company a quarter of a million dollars in total, and appears to have originated from a business partner. Applied Materials did not name any names in the supply chain attack, but a February 3 incident at one of its suppliers may be related.
Supplier MKS Instruments reported a ransomware attack that it said would impact shipments; Applied Materials also said that its own shipments could be held up by its incident. The MKS breach looks to be part of the string of thousands of attacks on unpatched VMware ESXi servers that have been unfolding of late.
Semiconductor giant suffers expensive ransomware attack
Ransomware attacks on semiconductor companies have quietly become a serious cybersecurity issue, with an uptick seen in 2022. Disruptions to production and shipping could create havoc in a wide variety of industries, given that nearly everything runs on electronic components with chips at this point.
Semiconductor production is also becoming an issue of national security around the world. The vast majority of manufacturing operations are based in China or Taiwan; countries are increasingly distrustful of the former, and not entirely sure that the latter will continue to be available in the long run. Hackers are eyeing any vulnerabilities as countries make plans to fire up domestic production, and supply chain attacks are one of the first things they look at.
Compromises of this sort can also be incidental in supply chain attacks, as one of the hottest targets for both criminal groups and state-backed spies is the service provider with privileged access to many downstream clients. That could mean either direct access to their systems, or the possibility of slipping malware into a trusted update (as was seen in the SolarWinds incident). It could even mean compromise of a widely used open source component (as was seen in the Log4j incident).
Supply chain attacks difficult to defend against
MKS Instruments is scheduled for a quarterly earnings call on February 28 that may provide more information, but for now the company has said that the Vacuum Solutions and Photonics Solutions divisions were hit by ransomware and that some order processing and shipping may be delayed.
The incident has also been tied to the global outbreak of attacks on unpatched VMware ESXi servers, a simple but well-organized campaign that has racked up thousands of victims at this point. Supply chain attacks continue to haunt organizations, as all it takes is one partner that has some sort of access to internal resources and is not keeping up with its patching; in this case, the vulnerability in question has been patched since early 2021.
Supply chain attacks are a frequent cause of ransomware and data theft, but they remain something of an intractable problem for organizations because partners can only be nudged toward compliance (and security hygiene) via contractual obligation or the threat of lost business.