
Cybercriminals Allegedly Stole 450GB of Data from AMD

June 28, 2022
Ransomware group responsible says the security breach took place a year ago.

IndustryWeek's curated collection of semiconductor news

Powerhouse semiconductor manufacturer AMD may have been hacked for 450 GB of data last year, according to the cybercriminals trying to fence the data.

BleepingComputer reports that the RansomHouse ransomware group, after teasing for a week on the Telegram app that it had data stolen from a well-known company for sale, yesterday revealed both the name of the company and the amount of data allegedly stolen.

“An era of high-end technology, progress and top security…there’s so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords like…” reads a post on the RansomHouse data leak site, followed by a string of sample passwords like “password” and “P@ssw0rd,” as the hackers poured salt into an alleged cyberwound.

“RansomHouse is claiming they compromised AMD's network due to weak passwords. If true, this is an unfortunate instance of poor security. AMD, and any high tech company, should require phishing-resistant MFA [multi-factor authentication] for all logons, or if MFA cannot be used, require strong and unique passwords,” says Roger Grimes from cybersecurity awareness and training company KnowBe4.

“However, to point out any company, even AMD, even if the claim is true, is missing the bigger picture,” continues Grimes. “The lack of phishing-resistant MFA and strong and secure passwords is the norm. More organizations than not have the exact same problem and simply pointing to this one company in this one instance as if they are some unique aberrant party isn't the reality.”

Stolen Data Is as Bad as Encrypted Data

According to BleepingComputer, RansomHouse told the website that one year ago their “partners” breached AMD security and that no ransomware was used. In other words, this was purely a data heist, rather than the common cybercriminal M.O. of encrypting devices and then demanding payment to decrypt the data. The data, according to RansomHouse, includes research and financial information.

“In some ways mass-scale data theft is even more damaging than encrypting local files as once the data has been copied off the victim’s network, there is no way for the victim to verify that the stolen data will actually be deleted and not resold or publicly leaked even if the cybercriminals’ extortion demands are met,” says Chris Clements, vice president of solutions architecture at cybersecurity company Cerberus Sentinel. “A ransomware attack that encrypts files can be disruptive, but well-planned backup and restore processes can often quickly restore operations without the need to pay the attacker’s ransom demands.”

“The attacker’s claim that the source of the breach stemmed from weak passwords is unfortunately very believable. Far too many organizations are not even aware [of] modern password best practices, much less effectively implementing them at organization scale,” Clements continues. “The latest best practices endorsed by NIST and Microsoft include common sense guidelines like increasing minimum password length and enforcing multifactor authentication, but also some surprising recommendations like not requiring specific character compositions and eliminating periodic password expiration requirements.”

RansomHouse has apparently not provided solid proof that any data was actually stolen. “AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway,” said the company in a statement to BleepingComputer.
