Supply chain attacks are scary, but there are plenty of other hardware-based issues organizations should be worrying about before they have to panic about the complex malicious implants in their servers.
Attacks on the global supply chain—sabotaging hardware components, installing malware or backdoors in software—are stuff security nightmares are made of. The ICT Task Force, formed by the Department of Homeland Security, meets to help companies manage their risk.
Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.
The list of Magecart victims gets longer as the attack group optimizes its attack code and modifies its methods to steal payment card information from unsuspecting shoppers. What's a website owner to do?
The National Institute of Standards and Technology (NIST) released its version 1.1 update to the 1.0 version of their Framework for Improving Critical Infrastructure Cybersecurity, last updated in 2014.