A microchip planted by China on Supermicro motherboards used by organizations, including the CIA, the U.S. military, Amazon and Apple, left sensitive information vulnerable to hacking and underscores the importance of locking down the security of the supply chain whose vast tentacles reach out to touch organizations around the globe.
“It’s the equivalent of the Chinese putting their own Snowden in every agency and private company with elevated access and because it’s in hardware it be a nightmare to eradicate,” Brian Vecci, technical evangelist at Varonis, said, explaining that the hardcoded backdoor “gives an advanced threat persistent, privileged access to a variety of systems and data.”
It also pits not only government but private industry against nation-state actors. “The new and recent DHS alerts about the Chinese APT10 ‘RedLeaves’ cyberattack on cloud providers highlight the impossible problem faced by both enterprise and municipal government,” said CipherCloud CEO Pravin Kothari. “The impossible problem is that enterprise and government cannot face off against well-funded nation-state attackers or large scale organized crime. It is a ridiculous proposition to believe otherwise.”
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.