Microsoft’s Digital Crimes Unit has uncovered an alarming cybercrime plot, involving the infiltration of an unsecured supply chain in order to embed malicious software on brand new desktop and laptop computers.
In a blog post published September 13, Microsoft confirmed that a study conducted over the past two years – entitled Operation b70 – had found several new computers purchased in China to be already infected with malware.
reads the blog post.
One of the computers was even infected with the Nitol virus, which allows cybercriminals to externally access and take control of a computer in order to execute other programs as well as perform coordinated Denial-of-Service (DDOS) attacks.
Microsoft notes that the most alarming aspect of this cyber threat is that the malware could have potentially been embedded at any part of the supply chain.
People concerned about this risk should be aware of the possibility of pre-embedded malware and understand that if a deal sounds too good to be true, it probably is, according to Microsoft.
However the biggest concern for organisations will be the fact that this sort of malware can easily be transferred across systems through the careless use of removable media and storage devices.
reads the Microsoft blog post.
Businesses concerned about the danger of malware may want to consider undergoing regular security audit evaluations in order to assess the level of risk made present by a cyber-threat such as this, and ensure maximum vulnerability management across the organisation.
The U.S. District Court for the Eastern District of Virginia has granted Microsoft’s request for an ex parte temporary restraining order against the suppliers who sold the malware infected hardware, and allowed the company to seize control of a domain which was hosting the malware.