Another round of Malware, this time at TSMC

Taiwan Semiconductor Manufacturing Company (TSMC)—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus.

The shutdown of TSMC was due to a variant of the WannaCry ransomware, which was first seen in May 2017 as a massive cyberattack.  The WannaCry ransomeware targeted Microsoft Windows based systems, encrypted the data, and then would demand payment to a bitcoin address or your data would be lost.  What made it worse is if you didn't pay within a certain amount of time, the price would go up.  Continue to not pay, your files will eventually be deleted.  It was nasty, and scared a lot of people.

According to TSMC, their computer systems were not directly attacked by any individual, instead the malware was installed "when a supplier installed tainted software without a virus scan".  The virus was quickly spread and hit facilities in Tainan, Hsinchu and Taichung, which are home to cutting-edge plants for Apple's semiconductors.  What makes this even scarier is the potential for malware to be placed on hardware prior to ever making it to Apple.  Just very recently, a China manufacturer was shipping USB Drives with Malware on them.  It's not too far a stretch to see where this may be going.  Instead of infecting individual computers with malware, why not infect the hardware prior to it even reaching the consumer?  Scary indeed!

No hacker targeted TSMC, Chief Executive Officer C. C. Wei said Monday, explaining that the infected production tool was provided by an unidentified vendor. *s

Though no hacker specifically targeted TSMC (allegedly), the previous thought about hardware shipping with Malware has been talked about before and is now becoming a real threat.

The outbreak comes amid a burst of alleged industrial espionage cases from China and the rising technology cold war between Beijing and Washington. Chips -- an essential component in every electronic device -- carry deep national security implications. Industry executives and investors worry that TSMC, a crucial player in the world's semiconductor supply chain, could become a target for hackers looking to steal vital technical details. *s

So where does this leave us?  Honestly, it's a really scary time for privacy and security on both a personal and corporate level.  Every time there's a data breach, we lose a little more of our freedoms.  Every time someone gets compromised, we lose even more of our freedoms.  Every time a major manufacturer gets breached like TSMC, that starts walking down a really dark road for the future of cyber security and general data security.  If they can install malware on USB Drives without you knowing until it's too late, imagine what a major chip manufacturer like TSMC who makes chips for high end clients like Apple would do with their hardware compromised before ever making it to Apple.