fbpx

F12 Blog

Has the IT Supply Chain Been Compromised?

Malware is One Thing But What About a Hardware Attack?

Did malicious chips wind up on the motherboards of servers used by major corporations?
Did foreign spies place malicious chips on the motherboards of servers used by some large American corporations? If it happened, it could expose data on those servers to outsiders. Compromising systems anywhere before delivery to the final consumer is a supply chain attack.

Supply Chain Hack - Malicious Chips on Motherboard

Bloomberg BusinessWeek reported on October 4 that malicious chips had been inserted on server motherboards when those motherboards were manufactured at subcontractors’ factories in China. Bloomberg’s sources believe a unit of the People’s Liberation Army may have inserted the malicious chips.

The exploit reported by Bloomberg allegedly reached almost 30 companies, including Apple and Amazon Web Services. Apple and Amazon both vehemently denied finding any compromised servers or malicious chips, as did server maker Super Micro. A Bloomberg follow-up on October 9 said that another exploit had been found and removed from an ethernet connector on a server at an unnamed large U.S. telecommunications company.

Should We Worry About the IT Supply Chain?

At this point, we don’t know what, if anything, happened to Super Micro’s servers.

What we do know is that concerns about the IT supply chain are not new.  Recently, Australia and the USA banned technology from China’s ZTE and Huawei from critical infrastructure over such concerns.  There are plenty of examples of software hacks introduced into the supply chain. And, we know state security agencies intercept and compromise equipment in transit. Yet, malicious chips inserted at manufacture is a whole new level of subterfuge.

You might not worry about hardware attacks.  And, you may not be a likely target for state or industrial espionage, depending on what industry you’re in.  However, you might need to know that your vendors and service providers are secure. In turn, your customers might need assurance that information you store about them is secured against penetration. That’s where F12.net comes in.

F12’s IT Security Posture

As with physical safety, you can never be 100% secure.  However, you can be vigilant about threats, selective about partners and products, and meticulous about validation.

Anywhere F12 is providing its latest generation Hardware-as-a-Service solution, F12 Plus, it uses the HP Elite line exclusively for desktop and portable computing. HP’s designed the Elite series to protect businesses from the evolving range of threats to data and other security concerns. “Every PC decision is a security decision,” HP says on its website. HP provides “The world’s most secure and manageable PCs and Workstations.”

F12’s leverages secure Dell servers in its data centres and uses HP Enterprise Nimble Storage, which uses flash storage and encryption to protect data.

Further, F12 conducts ongoing vulnerability assessments, hires third-party penetration testers, and has a 24X7 Security Operations Centre review and respond to security logs and events.  In addition, F12 undergoes annual external SOC 2 Type 2 auditing. Finally, F12 offers F12 Secure to organizations seeking to assess and/or elevate their IT security.

Book a Consultation

Complete the form below, and someone from our staff will be in contact with you soon to book your consultation.