Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Chipmaker. Show all posts

Microchip Technology Confirms Private Data Stolen in Ransomware Attack

 

Microchip Technology has acknowledged that employee information was stolen from vulnerable systems in an August incident. The Play ransomware group later claimed responsibility. 

The chipmaker, headquartered in Chandler, Arizona, serves over 123,000 clients across a variety of industries, including industrial, automotive, consumer, aerospace and defence, communications, and computing. 

On August 20, Microchip Technology revealed that a cyberattack discovered on August 17 has disrupted operations across multiple production plants. The incident hampered the company's capacity to meet orders, forcing it to shut down parts of its systems and isolate those affected in order to manage the breach. 

In a Wednesday filing with the Securities and Exchange Commission, Microchip Technology stated that its operationally critical IT systems are now functioning, with operations "substantially restored" with the firm processing customer orders and shipping products for more than a week. 

Microchip Technology also stated that the attackers acquired some staff data from its systems, but it has yet to find proof that customer information was also compromised during the intrusion. 

"While the investigation is continuing, the Company believes that the unauthorized party obtained information stored in certain Company IT systems, including, for example, employee contact information and some encrypted and hashed passwords. We have not identified any customer or supplier data that has been obtained by the unauthorized party," Microchip Technology stated. 

"The Company is aware that an unauthorized party claims to have acquired and posted online certain data from the Company's systems. The Company is investigating the validity of this claim with assistance from its outside cybersecurity and forensic experts,” the chipmaker added. 

Investigating Play ransomware claim 

Microchip Technology continues to assess the scope and consequences of the cyberattack with external cybersecurity consultants. Restoring IT systems affected by the incident is currently ongoing. The company claims that it has been processing customer orders and delivering products for more than a week, despite the fact that it is still working on recovery after the attack. 

Even though Microchip Technology is still investigating the origin and scope of the hack, the Play ransomware gang claimed credit on August 29 by including the American chipmaker on its dark web data dump website. 

The ransomware outfit claimed that it had stolen "private and personal confidential data, clients documents, budget, payroll, accounting, contracts, taxes, IDs, finance information," among other things, from the infiltrated systems of Microchip Technology. 

Since then, the ransomware group has disclosed some of the allegedly stolen material and threatens to release the remaining portion if the company does not respond to the leak.

Notable Play ransomware victims include cloud computing firm Rackspace, car merchant Arnold Clark, the Belgian city of Antwerp, the City of Oakland in California, and, most recently, Dallas County.

Chip-Maker Arm Reveals Side-attack on Cortex-M, Denies it as failure of The Architecture's Defenses


Chip designer Arm confirms that a successful side-channel attack on one of its TrustZone-enabled Cortex-M based systems cannot be viewed as a failure of the architecture's defenses.

In a statement last Friday, BLACK HAT ASIA Arm said that a successful side attack on one of its Cortex-M systems with TrustZone enabled was "not a failure of the protection offered by the architecture."

"The Security Extensions for the Armv8-M architecture do not claim to protect against side-channel attacks due to control flow or memory access patterns. Indeed, such attacks are not specific to the Armv8-M architecture; they may apply to any code with secret-dependent control flow or memory access patterns," argued Arm.

Arm released the statement following a presentation titled "Hand Me Your Secret, MCU! " at the Black Hat Asia infosec conference last week. Microarchitectural Timing Attacks on Microcontrollers are Practical" - claimed that side-channel attacks are possible on the microcontrollers made by the chip design company.

Researchers from Portugal's Universidade do Minho (UdM) were successful in demonstrating that MCUs were vulnerable to similar attacks. Their findings were based on the 2018 discovery of Spectre and Meltdown, the Intel CPU architecture vulnerabilities that opened Pandora's box of microarchitecture transient state side attacks.

Historically, servers, PCs, and mobile devices were the principal targets of microarchitectural attacks. Due to the systems' simplicity, microcontrollers (MCUs) like Arm's Cortex-M were considered an unlikely target. However, a successful assault would have serious repercussions because MCUs are included in almost all IoT devices, as UdM researchers Sandro Pinto and Cristiano Rodrigues explained at Black Hat Asia last Friday.

The researchers are calling their discovery the first microarchitectural side-channel attack for MCUs. A side-channel attack is a strategy that gets through CPU memory isolation protections by recovering or stealing knowledge about a system through observation.

The researchers described that the attacks take advantage of the timing differences exposed through the bus interconnect arbitration logic. The bus interconnect cannot support two transactions to access a value in memory issued simultaneously by two bus masters within the MCU, such as the CPU and Direct Memory Access (DMA) block. It delays the other while giving one priority.

The researchers applied this logic in an effort to analyze how much the victim application was delayed, and thus infer the secret PIN. The procedure was automated by running the spy logic independently of the CPU in the background using the peripherals.

For MCU CPUs and bus interconnect designs, Arm has a significant market share. The chipmaker claims that its TrustZone-M technology, when combined with other safeguards, provides tamper-proof security for the entire MCU, including defense against side attacks. Arm wants to at the very least render such attacks "uneconomical."  

Data Breach: Chipmaker Intel Shares Fall by 9%

 

The stock of Intel Corp was rallied to close in the last minutes of Thursday 21st January 2021 after the unlikely announcement of quarterly results by the chipmaker at the end of the day, but the stock was reversed in prolonged trading as the firm dealt with long-term plans.

The Intel Corp. chip maker made an administrative mistake on Friday with a data breach – which led to a quarterly profits study being released early with a fall in shares as much as 9%. Intel further added that its corporate network was not affected. The Chief Financial Officer of the firm, George Davis, had earlier stated that “Intel had released its results ahead of the closing of the stock market on Thursday, claiming that the hacker had taken financially valuable information from the site.” 

The quarterly reports of the firm were initially expected to be released hours later after the end of the Wall Street market on Thursday. “Once we became aware of these reports, we made the decision to issue our earning announcement a brief time before the originally scheduled release time”, as per a statement by American computer chip corporation. “An infographic was hacked of our PR newsroom site,” disclosed Davis. The company is reviewing claims that one graph from its earnings report may have gained unauthorized entry. 

Intel further added that “the URL of our earnings infographic was inadvertently made publicly accessible before the publication of our earnings and accessed by third parties. Once we became aware of the situation, we promptly issued our earnings announcement. Intel's network was not compromised, and we have adjusted our process to prevent this in the future.”

The performance of Intel for the fourth quarter met the aspirations of analysts and dismissed the company's estimate of high PC revenues. The chipmaker saw a trimestral decline of 1% to $20 billion annually, but he still defeated Refinitiv's $17.49 billion forecasts by analysts. Net earnings were $1.52 per share for the year, relative to an estimated $1.10. 

At $62.46 following the release of holiday sales and a forecast that beats expectations, but slowed almost 4 percent after hours, Intel INTC's -9.29 percent share came to an end of 6.5 percent. The business studies claim that a graphic in its profits has been stolen and pressured to reveal the figures early.