Today Bloomberg published a breaking story, “The Big Hack: How China Used a Tiny Chip to infiltrate America’s Top Companies,” detailing a major attack on US servers by the PLA, infiltrating the supply chain of contract hardware manufacturers to embed a spy chip onto motherboards used in the thousands across the US in organizations ranging from Amazon to Apple. The chips would ping their operators and then download malicious code to infect the server operating system. It took a combination of government agencies and tech companies more than three years to detect this attack and the only remediation is removal of the infected systems.
Importantly, this story has been refuted by several of the parties involved. See the latest on Threat Post.
What is described is a typical fifth generation cyber attack – large scale, sophisticated technology that attacks the target from multiple vectors (hardware, internet, OS – all vectors to target the data). The attack again shows that the threat landscape is broader than many people realize. Another example was our “Faxploit” exposed in August.
It is possible to prevent these kind of attacks using a comprehensive real-time perimeter security solution and good cooperation between government agencies and the cyber industry. Such a solution can reduce the time it takes to respond from years (as described) to minutes or even seconds, and can provide true and effective prevention. Check Point is leading the way in such efforts.
This story also shows, once again, the security risks which inevitably result from the growing use of digital platforms, particularly cloud services. IaaS cloud services lack comprehensive perimeter security mechanisms to protect critical data.
Bloomberg’s story illustrated exactly what Check Point has been saying for quite some time, and addressing with Check Point Infinity and ThreatCloud services, including Advanced Threat Prevention and CloudGuard Cloud Security.
Combined with the recent story about an attack on Facebook, and today’s other story about a joint US-Dutch operation against Russia’s GRU, it’s obvious that Gen V cyber security is needed now more than ever, and Check Point is in a unique position to put this into perspective and deliver a comprehensive solution.