Virus shuts down chip manufacturer

06 September 2018

A computer virus resulted in the temporary closure of factories operated by Taiwan Semiconductor Manufacturing Co (TSMC), which supplies processors to tech companies like Apple.

On the evening of Friday 5 August, a number of computer systems and fabrication tools at TSMC factories in Taiwan were hit by a computer virus outbreak. The virus was apparently a variant of WannaCry, which causes equipment to crash or reboot.

TSMC confirmed that a virus outbreak had occurred during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the company’s computer network. Although data integrity and confidential information was not compromised, the company says that it has since taken action to close the security gap and further strengthen security measures.

COST OF DELAYS

The Taiwanese firm, one of the world’s largest chip manufacturers, reportedly lost a full day of production, just as it was due to ramp-up production for the latest iPhone. Despite its quick response, TSMC said the virus outbreak is likely to cause shipment delays and additional costs, resulting in a 2% reduction in third quarter revenue (around USD 170 million) and a 1% reduction in its gross margin. News of the outbreak also caused TSMC shares to fall 1.2%.

The incident is yet another wake-up call for manufacturers.

WannaCry caused car plants owned by Renault and Nissan to temporarily halt production as they moved to contain the spread of the malware in 2017, while aircraft maker Boeing revealed that it had been affected by the malware in March 2018. The NotPetya malware attacks in 2017 also led to the closure of a number of production lines and disruption at a number of companies. These companies include; pharmaceutical firm Merck, UK consumer goods maker Reckitt Benckiser, food company Mondelez and shipping company Maersk.

ATTRACTIVE TARGET

As manufacturers take advantage of automation and digitalisation, the industry has become an increasingly attractive target for cyber criminals. According to a report from cyber security consultant NTT Security, manufacturers were the most attacked sector in the UK, accounting for almost half of all cyber attacks last year. The IBM X-Force Threat Intelligence Index found that manufacturing firms account for 18% of cyber attacks globally, making it the second most targeted sector behind telecoms, and just ahead of financial services.

Last month, the US National Counterintelligence and Security Center (NCSC) warned of a growing threat to manufacturing companies, as state-sponsored hackers increasingly look beyond critical infrastructure targets. In particular, the NCSC warned that cyber criminals were using compromised software – in software supply chain attacks – to target companies in the energy, financial services, manufacturing, telecoms, transport and pharmaceutical sectors.

Data from Verizon found that state sponsored attackers caused more than half of the data breaches in manufacturing, while cyber espionage accounts for 31% of cyber attacks. Over half of attempted attacks against the manufacturing industry had a financial motive, while 47% of attempts were motivated by espionage, according to the Verizon report.

Subscribe to our  Latest Cyber Decoder newsletter

EMERGING EXPOSURE

With the digitalisation of supply chains and the move towards smart factories and more connected systems, manufacturing companies are growing increasingly reliant on technology and vulnerable to cyber attacks. For example, the industrial IoT created a massive attack surface for cybercriminals and nation-state actors to exploit, according to cyber security consultants.

A 2018 report on manufacturing from cyber security firm Vectra notes that growth of Industry 4.0 will create new operational risks for manufacturers and their supply chains. The interconnected nature of Industry 4.0 and the pace of digital transformation mean that cyber attacks could have far more damaging effects than ever before, yet manufacturers may not be prepared for the risks, it says.

Research from Vectra found elevated levels of malicious cyber reconnaissance targeting manufacturing firms, as attackers search for critical assets to steal or damage. The cyber security firm noted the apparent ease and speed with which attacks can proliferate inside manufacturing networks due to the large volume of unsecured IoT devices and insufficient internal access controls. Despite an increase in connected technology, most manufacturers do not invest heavily in cyber security and too often rely on un-partitioned networks and insufficient access controls, it warns.

SUPPLY CHAIN

Manufacturing companies have improved supply chain risk management in recent years, but efforts have typically focused on disruption caused by physical events, such as floods or fires. Incidents like the TSMC virus should make manufacturers consider the potential for non-physical damage disruption to supply chains; such as from an IT system failure, data loss or cyber attack.

Cover for non-physical damage business interruption, like that triggered by a cyber event, is not standard in property damage and business interruption policies. However, the cyber insurance market can provide broad coverage for cyber business interruption; while customised errors and omissions coverage and cyber insurance can protect against third party liability resulting from a delay.

Download Cyber Decoder

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on cyber@jltgroup.com.

YOU MAY ALSO BE INTERESTED IN