WannaCry rears its ugly head again. Reddit gets hacked, despite using two-factor authentication. A cryptojacking campaign targets carrier-grade routers. Here are some recent security industry news that have caught our attention.
WannaCry hits Taiwan Semi
The notorious WannaCry ransomware re-appeared recently, when Taiwan Semiconductor Manufacturing, a chip supplier to Apple and other smartphone makers, suffered an infection that dented its operations.
Specifically, the ransomware disrupted chip production to a point that will delay shipments and cut revenue in the third quarter, although no confidential data was compromised, the company said.
According to Sophos’ Naked Security blog, the chip maker, which is Taiwan’s largest company, blamed the incident on a careless supplier that installed software infected with a WannaCry variant on its network. “When the virus hit, it spread quickly, affecting production at semiconductor plants in Tainan, Hsinchu and Taichung,” Naked Security’s Lisa Vaas wrote.
Of course, WannaCry can be avoided altogether by patching vulnerable systems, as Ben Lovejoy reminds us in 9to5Mac.
That’s the major lesson from last year’s WannaCry global rampage, which infected 300,000-plus systems, disrupting critical operations globally. Long before WannaCry erupted in May of last year, organizations should have patched the vulnerability that the ransomware exploited. Now they’ve had more than a year to fix it.