Researchers from Kaspersky Lab have identified a major supply-chain hacking campaign that features ASUS, one of the world’s largest computer makers. The issue highlights the growing risk from supply-chain attacks, where malicious software or components get installed on systems as they’re manufactured or assembled, or even afterward through trusted vendor channels.
In response to the findings, Jake Olcott, VP Government Affairs at BitSight, made the following comment :
“Supply chain risk is one of the biggest challenges in cyber today. Tech companies issuing remote patching and remote updates to customers are increasingly targeted because of their broad, trusted relationships with their customers. Companies must conduct more rigorous diligence and continuously monitor these critical vendors in order to get a better handle on this risk.”