Serviceteam IT Security News

The vast majority of the world’s semiconductor companies have glaring security gaps which may have already been exploited by threat actors, according to a new study from BlueVoyant.

The security services firm appraised the security posture of the 17 most prominent players in one of the globe’s most strategically important supply chains. These included companies in Asia, Europe and the US such as “fabless” chip designers, semiconductor software designers, manufacturers of equipment that fabricates semiconductors, foundries, and integrated device manufacturers (IDMs).

BlueVoyant said its data came from “publicly available and proprietary datasets and tools over a 30-day period.”

The report revealed some surprising lapses in security, considering the quality of the IP at stake and the potential impact a successful ransomware attack could have on production.

Nearly all (94%) of the companies studied had open, at-risk ports, while a quarter (24%) had open RDP ports, one of the top vectors for ransomware. A similar number had open authentication ports (24%) and open datastore ports (18%) were also commonplace.

What’s more, 88% of the companies demonstrated evidence of high-severity vulnerabilities which could allow attackers to gain a foothold into systems.

This matters, because 100% are already experiencing inbound targeting and 88% were being targeted by IPs associated with ransomware. A further 94% showed evidence of brute-force attacks.

In some cases, the report may be too late to stop breaches: over three-quarters (76%) of chip companies studied presented evidence of outbound traffic to known malicious infrastructure. This indicates that the organizations in question may already have been compromised.

BlueVoyant argued that such attacks are preventable if companies proactively scan for and patch vulnerabilities, close open high-risk ports and monitor internal traffic for signs of compromise.

“Our digital economy hinges on the availability of semiconductors and so does any digital transformation going forward,” the report warned. “While high volumes of targeting are not necessarily a surprising discovery, the widespread lack of adequate protections against such targeting certainly is.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *