Tag Archive for: disruption

MKS Instruments warns disruption from ransomware attack will last ‘weeks’


Disruption from a ransomware attack on a little-known supplier to the world’s largest semiconductor equipment manufacturers will continue into March, in a new setback to chip production after years of Covid-related delays.

US-based MKS Instruments told investors and suppliers this week that it had yet to fully recover from a “ransomware event”, first identified on February 3, in an attack that has strained supply chains for the global chip industry.

“We’ve begun starting up the affected manufacturing and service operations,” MKS chief executive John Lee said in a call with analysts and investors on Tuesday.

MKS’s customers include many of the largest companies that produce semiconductors and the specialised equipment necessary to manufacture them, including TSMC, Intel, Samsung and ASML.

The company had revealed on Monday that it could still take “weeks” more to restore operations and that the attack would cost hundreds of millions of dollars in lost or delayed sales. Most ransomware victims are able to recover in about three weeks, according to industry estimates.

The attack affected “production-related systems” as well as critical business software, MKS said earlier this month, forcing it to suspend operations at some of its facilities. The Massachusetts-based company makes lasers, vacuum systems and other specialised equipment vital to chip manufacturing.

Lee has said the attack “materially impacted” its systems, including its ability to process orders and ship products in its two largest divisions, photonics and vacuum.

After delaying publication of its latest financial results, which were released on Monday, the company has now told the US stock market regulator that it is unable to file its annual report on time. Missing the extended deadline could result in a fine.

Its forecast of “at least” a $200mn hit to its current quarter’s revenues is about a fifth of the $1bn in sales that it had forecast before the attack. Analysts at Cowen, a broker, estimate the final impact on quarterly sales could total as much as $500mn — more than half what Wall Street had previously predicted.

“The full scope of the costs and related impacts of the incident has not…


Supply chain disruption driving 3D printing tech


The need to shorten supply chains in the face of ongoing global uncertainty and disruption is a pressing issue for many organisations, especially for multinational manufacturing companies that have come to rely on cheap labour in South East Asia.

China, in particular, continues to be hobbled by an economic downturn, power shortages and ongoing lockdowns resulting from its zero-tolerance approach to COVID-19. China’s days as the world’s manufacturing engine room seem to be numbered, as businesses seek to relocate manufacturing to other nations in Asia, such as Vietnam, or nearshore or reshore it closer to home.

There are, however, other means of shortening supply chains – one of which is 3D printing, also known as additive manufacturing (AM). 

AM technology started out as a way to produce prototypes with no machine tooling, but, over the past decade, it has evolved rapidly. An early drawback was that the process worked only with plastics; now, though, substances that can be printed include powders, resins, metals, carbon and even human flesh. 

In a report exploring the status of 3D printing, called The Mainstreaming of Additive Manufacturing, co-author Jörg Bromberger, Director of Strategy & Operations, points out that AM technology can generate any 3D component that will perform better and cost less than conventional manufacturing methods.

3D printing allows for mass-scale customisation

He also highlights that there’s no need for moulds or fixed tooling, and that AM allows for mass-scale customisation. Such simplicity of fabrication, he continues, reduces time-to-market and the need for spare-parts inventories, enabling the on-demand production of items from digital files in the field. Bromberger cites the example of carmaker Mercedes-Benz, which uses AM to produce spare parts for its classic vehicles.

The tech has huge potential to help businesses reimagine manufacturing-based supply chains, and Bromberger feels that the technology is approaching the point where it is becoming disruptive: “When can a technology that has long been touted as a disruptive game changer for supply chains be said to have truly come of age?”

His answer? When it’s a…


Pro-Russia hackers claim disruption of US Congress website


Pro-Russia hackers claimed responsibility for a cyberattack that briefly interrupted access to a website for U.S. Congress on Thursday night.

Access to Congress.gov was intermittently disrupted from around 9 p.m. ET Thursday until the website was restored to normal operation “just after” 11 p.m. ET, April Slayton, director of communications for the Library of Congress, which runs the website, told CNN.

“The Library of Congress used existing measures to address the attack quickly, resulting in minimal down time,” Slayton said in an email. “The Library’s network was not compromised and no data was lost as a result of the attack.”

A Russian-speaking hacking group known as Killnet claimed responsibility for the hack on their Telegram channel. The post included a screenshot of an error message on Congress.gov overlaid with an image of President Joe Biden with a puzzled look on his face.

The hackers used a popular tactic known as a distributed denial of service attack (DDoS), according to Slayton, which floods computer servers with phony web traffic in an attempt to knock websites offline. Congress.gov displays information on bills, hearings and other deliberations of Congress.

While DDoS attacks can have material consequences, such as when customers can’t access banking websites, they are sometimes more about making a statement and getting noticed.

In the prelude to Russia’s full-scale invasion of Ukraine in February, the White House blamed Russian military intelligence for a series of DDoS attacks on Ukrainian government websites.

The war in Ukraine has triggered a wave of pro-Russia and pro-Ukrainian hackers who have made political statements and targeted infrastructure in the two countries.

Killnet last week claimed responsibility for DDoS attacks on websites of government agencies and private firms in Lithuania. The hackers said it was retaliation for Lithuania blocking the shipment of some goods to the Russian enclave of Kaliningrad.

U.S. officials have been on high alert for months for retaliatory Russian cyberattacks after the Biden administration imposed stiff sanctions on Russia for its invasion of…


Sandworm: A tale of disruption told anew


As the war rages, the APT group with a long résumé of disruptive cyberattacks enters the spotlight again

For cybersecurity pundits, it has become a doctrine that cyberdisruption, whether perpetrated directly or via proxy groups, can be expected to accompany military, political, and economic action as a way of softening up targets or of strategically applying pressure via subterfuge. Thus, in a time of war in Ukraine, the spotlight has also naturally turned to cyberwarfare, both past and present.

Since at least 2014, companies in Ukraine or with network access to the region have suffered the likes of malware such as BlackEnergy, TeleBots, GreyEnergy, Industroyer, NotPetya, Exaramel, and, in 2022 alone, WhisperGate, HermeticWiper, IsaacWiper, and CaddyWiper. In all cases, except the last four, the cybersecurity community discovered enough code similarities, shared command and control infrastructure, malware execution chains and other hints to attribute all the malware samples to one overarching group – Sandworm.

Who is Sandworm?

The moniker Sandworm was chosen by researchers at iSIGHT Partners, a threat intelligence company, who discovered references to Frank Herbert’s novel Dune in BlackEnergy malware binaries in 2014. At that time, ESET researchers were presenting their findings on several targeted BlackEnergy attacks in Ukraine and Poland at a Virus Bulletin conference, but also discovered the same, unmistakable references in the code: arrakis02, houseatreides94, BasharoftheSardaukars, SalusaSecundus2, and epsiloneridani0.

While some speculated that Sandworm was a group working from Russia, it wasn’t until 2020 that the US Department of Justice (DoJ) concretely identified Sandworm as Military Unit 74455 of the Main Intelligence Directorate (GRU) – which was changed to the Main Directorate (GU) in 2010, although “GRU” seems to have stuck in Western parlance – of the General Staff of the Armed Forces of the Russian Federation, located at 22 Kirova Street, Khimki, Moscow in a building colloquially called “the Tower”:

Figure 1. The Tower on 22…
