semiconductor production plant

Chip company loses $250m after ransomware hits supply chain

Applied Materials, one of the world’s leading suppliers of equipment, services, and software for the manufacture of semiconductors, has warned that its second-quarter sales are likely to be hurt to the tune of $250 million due to a cybersecurity attack at one of its suppliers.

MKS Instruments Inc.

In the announcement of first quarter results and the second quarter forecast Applied Materials mentions a:

“negative estimated impact of $250 million dollars related to a cybersecurity event recently announced by one of our suppliers”

And although Applied Materials did not name the supplier, it’s thought that the victim is MKS Instrument Inc; a vendor that a week ago said a ransomware attack would force it to delay the release of its own quarterly results.

Ransomware

On February 16, 2023, MKS filed notice of a data breach after learning of the ransomware attack that resulted in sensitive employee information being made accessible to an unauthorized party. 

MKS said the attack has impacted the company’s ability to process orders, ship products, and provide service to customers in the company’s Vacuum Solutions and Photonics Solutions Divisions. The full scope of the costs and related impacts of this incident, including the extent to which the company’s cybersecurity insurance may offset some of these costs, has not been determined.

More details about the attack have not yet been released, but we will keep you informed when we learn more about it.

Supply chain effects

While we have talked at length about the risks of getting infected through your supply chain, this incident goes to show that even if none of your systems themselves get infected, an attack at one of your suppliers can have significant financial repercussions for your organization.

A supply chain attack is, essentially, another way for attackers to compromise their target company. Instead of them attacking their target directly, they go for the weakest link in that company’s supply chain: a vendor that may not have as secure a system as their main target.

Chip equipment industry

There is no good time for a ransomware attack, but this one comes with very bad timing. Of all the component shortages we’ve seen in recent years, by far the most severe has been for certain semiconductors, aka chips.

It has to be mentioned that the semiconductor manufacturing equipment industry is a special case. It is a very specialized and espionage sensitive industry where a few companies dominate the global market. In such a market, the stagnation at an important supplier, who can not be replaced on short notice, can have a huge impact on your own results. As demonstrated here.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.