Tag Archive for: Semiconductor

Ransomware attack on chip supplier causes delays for semiconductor groups


Disruption from a ransomware attack on a little-known supplier to the world’s largest semiconductor equipment manufacturers will continue into March, in a new setback to chip production after years of coronavirus-related delays.

US-based MKS Instruments told investors and suppliers this week that it had yet to fully recover from a “ransomware event”, first identified on February 3, in an attack that has strained supply chains for the global chip industry.

“We’ve begun starting up the affected manufacturing and service operations,” MKS chief executive John Lee said in a call with analysts and investors on Tuesday.

MKS’s customers include many of the largest companies that produce semiconductors and the specialised equipment necessary to manufacture them, including TSMC, Intel, Samsung and ASML.

The company had revealed on Monday that it could still take “weeks” more to restore operations and would cost hundreds of millions of dollars in lost or delayed sales. Most ransomware victims are able to recover in about three weeks, according to industry estimates.

The attack affected “production-related systems” as well as critical business software, MKS said earlier this month, forcing it to suspend operations at some of its facilities. The Massachusetts-based company makes lasers, vacuum systems and other specialised equipment vital to chip manufacturing.

Lee has said the attack “materially impacted” its systems, including its ability to process orders and ship products in its two largest divisions, photonics and vacuum.

After delaying publication of its latest financial results, which were released on Monday, the company has now told the US stock market regulator that it is unable to file its annual report on time. Missing the extended deadline could result in a fine.

Its forecast of “at least” a $200mn hit to its current quarter’s revenues is about a fifth of the $1bn in sales that it had forecast before the attack. Analysts at Cowen, a broker, estimate the final impact on quarterly sales could total as much as $500mn — more than half what Wall Street had previously predicted.

“The full scope of the costs and related impacts of the incident has…

Source…

The Four Best Semiconductors & Semiconductor Equipment Stocks to Buy Right Now


The semiconductor industry is one of the most critical segments of the technology space, given its ability to facilitate rapid innovation across virtually every other field. It’s fair to say that almost every piece of tech you use in your daily life has semiconductor technology somewhere inside. For example, nearly all computers — desktop, laptop, and mobile — use semiconductors as their primary processing engine. Similarly, many communications devices such as cell phones and wireless routers also rely on semiconductors to send voice signals or data packets from one device to another. Even digital cameras and camcorders use semiconductors for image processing; GPS devices measure distances and speed, while Bluetooth headsets and speakers use them for wireless audio streaming. Even the humble thermometer uses semiconductor sensors to measure body temperature!

Allegro MicroSystems (ALGM)

ALGM is an integrated circuit (IC) manufacturer that makes IC products across various end-user applications and markets. The company has a market cap of approximately $1.6 billion, and its share price has been volatile in recent weeks due to a significant drop in November. Given the recent volatility in the semiconductor sector, this timing made it a compelling choice for inclusion in this list. Specifically, analysts believe that the industry may be experiencing a cyclical slowdown, causing investors to pull their money out of the industry. The company’s main products include data conversion, signal conditioning, and power delivery solutions, primarily for the industrial and medical segments. In addition, ALGM also makes IC products for automotive, computer networking, and telecommunications applications.

Synaptics (SYNA)

Synaptics is a leading provider of human interface solutions, including touch and proximity sensors, capacitive touch-enabled products, and related software. The company’s products are used in various end-user applications, including notebook PCs, desktop PCs, smartphones, tablets, ATMs, and automobile touchscreens. The company has a market cap of approximately $6.5 billion, with its share price dropping significantly in the past several months. This makes it a…

Source…

The mother of all ‘zero-days’ — immortal flaws in semiconductor chips


The CHIPS Act of 2022 was signed into law on Aug. 9. It provides tens of billions of dollars in public support for revitalization of domestic semiconductor manufacturing, workforce training, and “leap ahead” wireless technology. Because we outsource most of our device fabrication — including the chips that go into the Navy’s submarines and ships, the Army’s jeeps and tanks, military drones and satellites — our industrial base has become weak and shallow. The first order of business for the CHIPS Act is to address a serious deficit in our domestic production capacity. 

Notoriously absent from the language of the bill is any mention of chip security. Consequently, the U.S. is about to make the same mistake with microelectronics that we made with digital networks and software applications: Unless and until the government demands in-device security, our competitors will have an easy time of manipulating how chips function and behave. Nowhere is this more dangerous than our national security infrastructure.

For the first quarter-century of ubiquitous internet access, policy makers and industry leaders did not imagine — literally could not conceive — a deliberate electronic intrusion from an ideological adversary.

Now they hit us almost at will.

Deterrence has proven to be an obviously insufficient policy alternative. Western civil societies — our power stations, waste processing facilities, and hospitals — are paying a heavy price for their porous defenses and cyber naivete.

Every chip starts life as a software program before it is fabricated, mostly in Asia, and mostly in Taiwan, into a chip. The process that transforms design code into “sand in the hand” silicon is just as vulnerable today as consumer applications were in the early 2010s, and for all the same reasons. The impact is deeper and more penetrating because once a chip is compromised, it is nearly impossible to patch. It might be in space or under an ocean. Our enemies know this too.

Undetected vulnerabilities, called “zero-days,” are endemic to and ubiquitous in all digital systems. They remain dormant until activated by someone who is trying to ransom data, steal data, or…

Source…

German semiconductor giant Semikron says hackers encrypted its network – TechCrunch


Semikron, a German manufacturer that produces semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a cyberattack that has resulted in data encryption.

“Semikron is already in the process of dealing with the situation so that workflows and all related processes can continue without disruption for both employees and customers as soon as possible,” a Semikron spokesperson told TechCrunch.

Semikron declined to disclose the nature of the cyberattack, but all signs point to ransomware. The semiconductor maker said in a statement that hackers claim to have “exfiltrated data from our system,” adding that the incident has led to a “partial encryption of our IT systems and files.” This suggests the malicious actor behind the attack has used the double extortion ransomware tactic, whereby cybercriminals exfiltrate a victim’s sensitive data in addition to encrypting it.

The Nuremberg-based group company, which claims to power 35% of the wind turbines installed globally each year, declined to say who was behind the attack nor whether it received a ransom demand. However, Bleeping Computer reports that Semikron was the victim of the LV ransomware, with the hackers apparently stealing 2 terabytes of documents.

LV ransomware has been in operation since at least 2020 and uses a modified variant of REvil ransomware, according to cybersecurity company Secureworks. According to the group’s dark web blog, which doesn’t yet list Semikron as a victim, the gang targets companies that allegedly do not meet data protection obligations.

“They rejected to fix their mistakes, they rejected to protect this data in the case when they could and had to protect it,” its dark web blog states. “These companies preferred to sell their private information, their employees’ and customers’ personal data.”

It’s unclear what data was exfiltrated from Semikron’s systems, and the company declined to say how many customers and employees are potentially impacted. Semikron has over 3,000 employees in 24 offices and 8 production sites worldwide across Germany, Brazil, China, France, India, Italy, Slovakia, and the…

Source…