With more than 600,000 Apple computers discovered to be infected with a single piece of malware this month, supply chain service providers and management professionals are going to be taking a closer look at their systems and the activities of their members.
Most malware infections transmitted on the Web come from downloads and visits to unsafe websites, so policies and monitoring procedures can be implemented to effectively limit the risk. Concerns arise, however, when risks come from unexpected places.
Hewlett-Packard is still trying to determine how some HP ProCurve switches shipped last year contained malware. The malware infected the 1GB card flash memory drive. The malware caused no harm to the switches themselves, but could easily infect any computer the flash drives are connected to.
While such hardware and software purchases don’t typically raise concern over supply chain safety, they should, according to Greg Schaffer, acting deputy undersecretary of the Department of Homeland Security’s National Protection and Programs Directorate.
Schaffer, speaking to a House committee last year, said many of these types of software and hardware intrusions can be traced back to an individual or infected computer in the supply chain, and these crimes typically come with the goal of financial gain, not just supply chain disruption.
While most companies have some security in place, HP's problems highlight a threat that should be added to everyone’s list of best practices: don’t reuse components across platforms.
HP isn’t certain exactly what type of malware is on its flash drives or what damage it could cause. The company said customers who purchased an HP ProCurve 5400 ZL series switch after April 30, 2011, are at risk.
A list of affected serial numbers and instructions for the switch can be found here.
The fix requires either replacing the hardware or running an HP update to delete the malicious files. — Geoff Whiting