LockBit hits semiconductor manufacturer through a vendor.
LockBit demands $70 million from TSMC.
The LockBit ransomware group is asking for $70 million in exchange for not leaking data allegedly stolen from Taiwanese chip manufacturer TSMC, the Register reports. TSMC told the Register that one of its third-party equipment suppliers, Kinmax, was the source of the breach.
Customer and vendor on the breach.
SecurityWeek quotes TSMC as stating, “At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC’s system. Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any of TSMC’s customer information. After the incident, TSMC immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures. TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards. This cybersecurity incident is currently under an investigation that involves a law enforcement agency.”
Kinmax said in a statement, “The leaked content mainly consisted of system installation preparation that the company provided to our customers as default configurations. We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience.”
Industry comments on vendor relations and third-party risk.
Erich Kron, security awareness advocate at KnowBe4, offered the following observations:
“This could possibly be another one of those incidents where the troubles related to a vendor reflect poorly on a more well-known or larger organization and further outlines the need for third- and fourth-party supply chain security. It can be challenging to ensure that data handled by third parties is done so correctly and deleted when no longer needed. However, obligations should be in place through the contracts with these vendors to ensure the least amount of risk is present.
“The LockBit group's successful use of email phishing to spread their malware should be a lesson to organizations of all sizes about how important it is to address both the technical and human sides of the social engineering threats we continue to see. Email gateways and filters are a great technical help, and employee education and training can make a significant difference when dealing with the messages that get past the technology.”
Marc Gaffan, CEO of IONIX, commented:
“Taiwan Semi is one of the largest, most important companies in the world. They have extremely robust security systems and procedures. Attackers understand this and use the supply chain as a way in, around those defenses. All it takes is one supplier to your organization to give attackers a way in. It’s time for businesses to gain visibility and control over their external attack surface.”