Did you hear about the recent story from Bloomberg reporting that Chinese spies placed small chips onto SuperMicro motherboards before they were sent to US companies?
Supply chain hardware modification attacks are troubling because we don’t have proven methods of detection like we have for some software attacks. This story, whether true or not, brings to light the attacks cybersecurity professionals may face in the workplace. The story claims, through many anonymous sources, that the Chinese government is involved in modifying motherboards made in China for SuperMicro, by adding a tiny chip that is smaller than a grain of rice. These chips are so small and undetectable that they were hidden on servers that were installed in data centers across the US. The only indication that there was a problem, sources stated, was after monitoring network traffic and detecting odd network activity. All companies named in the story are denying any knowledge of such a chip or that an investigation is taking place.
Are you currently checking your servers for supply chain hardware modifications before installing in your data center? What tools could you use and how would you know if there has been a breach? Until we find out more about other potential methods for detection we should monitor for abnormal network traffic inbound and outbound on server networks.
The attacks of tomorrow will be far superior and harder to detect than anything we have seen in the past, especially when it comes to nation-state actors. I would encourage you to take the time to read over this story so that you are aware of the types of attacks you may face now and in the future.