The Taiwan Semiconductor Manufacturing Co. (TSMC) had several factories knocked offline late last week due to a cyberattack.
The TSMC is the lone producer of the primary processor used in Apple iPhones and the attack came as the company was getting ready to start production of the chip for the latest version of that smartphone, reported Bloomberg News. The attack took place on Friday when several of TSMC's computer systems and factories and halted some operations. No details on the type of malware involved was released by the company.
“The degree of infection varied by fab. TSMC contained the problem and found a solution. As of 14:00 Taiwan time, about 80% of the company's impacted tools have been recovered, and the Company expects full recovery on August 6,” the company said in a statement.
TSMC did not give a detailed explanation of how the malware was inserted into its computer network placing the blame on an internal issue and not an outside attack.
“This virus outbreak occurred due to misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company's computer network. Data integrity and confidential information was not compromised. TSMC has taken actions to close this security gap and further strengthen security measures,” the company said.
Cyber industry experts agreed with TSMC's evaluation of the incident saying that at this time it does not appear to be caused by an outside actor, despite some news reports to the contrary.
“No. This doesn't seem odd. From this statement, it appears that the new software required a connection through the firewall to communicate and this opened up a hole for a virus to slip past and infect unpatched or vulnerable systems. This is a quite common issue when working with 3rd party software suppliers that require companies to open ports on firewalls,” said Joseph Carson, chief security scientist at Thycotic.
Anupam Sahai, Cavirin's VP of product management, praised TSMC for its quick communication regarding the problem, but noted the company is going to take a hit in revenue over the shutdown and he suggested a top to bottom review of TSMC's security protocols.
TSMC expects the temporary shutdown to negatively impact third-quarter revenue by about three percent and expects any shipment shortfalls that take place now to be made up in the fourth quarter.
The fact a third-party software vendor played a role here should also give TSMC, and all other companies in a similar position, pause to make sure these supply chain partners practice proper cybersecurity hygiene prior to bringing them into the company fold.