Nvidia probes cyberattack on internal systems • The Register
In short, Nvidia is investigating what could be a ransomware infection that caused outages within its internal network.
The malware is said to have taken root over the past two days, destroying email and development systems. The GPU giant continues to investigate.
In a statement, an Nvidia spokesperson told The Register on Friday: “Our business and commercial activities continue uninterrupted. We are still working to assess the nature and scope of the event and have no additional information to share at this time.”
A source speaking to Bloomberg described the security breach as relatively minor and said it was unrelated to Russia’s invasion of Ukraine.
Separately this week, a Windows app called Nvidia RTX LHR v2 Unlocker was released, claiming to eliminate the mechanisms Nvidia put in place to hinder cryptocurrency mining on graphics cards aimed at gamers.
Now, the Red Panda Mining forum has issued an alert stating that not only does the program not actually bypass Nvidia’s mining limiter, but upon installation it infects the system with malware, including a remote-controlled backdoor and code that extracts the digital money stored on the machine.
Bottom line, don’t install this app.
Anonymous says it’s at war with Russia, Conti threatens retaliation
As the Russian invasion of Ukraine continues, two notorious internet outfits are choosing sides.
On Thursday, a Twitter account associated with the Anonymous collective declared that it was urging members to attack Russian government and commercial websites in light of the occupation. It apologized to Russians caught up in the cyber attacks and said President Putin’s unprovoked military action could not be allowed to go unchecked.
“We, as a collective, only want world peace,” the Anons said. “We want a future for all of humanity. So, as people around the world tear down your Internet Service Providers, understand that this is all directed against the actions of the Russian government and Putin.”
Soon after, the websites of Russian public broadcaster RT and state-owned electricity company Gazprom, as well as some government sites, went offline. Anonymous claimed its members were behind the outages.
Then on Friday, Russia-based cybercriminal gang Conti warned it was also entering the fray. Conti, which was responsible for crippling the Irish health service last year via a ransomware attack, said it does not support the war, nor does it act at the behest of the Russian government, but that it would retaliate against any cyberwar from the West.
“In response to Western warmongering and US threats to use cyber warfare against citizens of the Russian Federation, Team Conti officially announces that we will use all our capacity to retaliate in the event that Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world,” it warned in a statement seen by El Reg.
The FCC, the US communications watchdog, is said to be attempting to identify telecommunications providers and other companies it oversees that have close ties to Russia, in case a new crackdown on Moscow is needed after the invasion of Ukraine.
Ransomware attacks have almost doubled and recovery rates are plummeting
More bad news on the ransomware front this week, with some reports claiming that global infection rates have increased by 92.7% in the last year and that recovering from an attack, even if you pay, is getting more and more difficult.
NCC Group published figures indicating a huge jump in the use of ransomware, with America being the top target with 53% of monitored infections and Europe with 30%. The main targets remain government organizations and the industrial sector, which each represent around 20% of the total.
“Many of the dangers we first identified early in the pandemic have snowballed into 2021, revealing a developing threat landscape with increasing ransomware attacks,” said Matt Hull, NCC’s global head of strategic threat intelligence.
And the news is not good for victims, either. ID management house Venafi this week reported that 35% of those who actually paid the ransom still couldn’t recover their data. In dual attack cases, when public exposure of the stolen data is threatened, 18% of those who paid had their information leaked anyway, compared to 16% who suffered the same fate after refusing to pay the ransom.
Interestingly, the report noted that 32% of attacks used so-called triple attacks, where attackers use stolen data to threaten vendors and customers. Almost two-thirds of respondents said they would be more likely to pay as a result of these additional threats.
America’s Number One… Worth It For Criminals, At Least
An interesting analysis of advertisements placed by access brokers, who sell access to compromised systems, revealed that Americans are still the top target, although the UK is only second in monetary value.
After spending two years posting to the cybercrime forum, the CrowdStrike team noted that 55% of ads were directed at US businesses and individuals, and they topped the cost chart with an average value of $3,985 per system. The second most valuable country was the UK at $3,925, despite only accounting for 7% of ads.
Access to government institutions is the costliest sector covered in the report, with an average cost of $6,151, followed closely by the financial sector. In some cases, access brokers were charging five-figure sums for vital accounts.
“The academic sector has always been a popular focus for ransomware operations, with intrusions timed to coincide with the start of a new school term to cause the greatest disruption and in turn encourage a quick ransom payment,” the report said.
“Nearly 40% of announcements from the university sector were for access to US-based institutions, with a peak in activity noted in August 2021 coinciding with the start of the new semester.”
Low-tech cyber fraudster admits crimes
A Nigerian credential stuffer who extorted around $800,000 from human resources departments pleaded guilty this week to one count of computer fraud in the Southern District of New York.
Charles Onus, 34, was arrested in 2021 in San Francisco on his way to Las Vegas after being accused of participating in an organized campaign to target human resources and payroll staff in order to divert funds to other accounts. Rather than using high-level computer skills, Onus and his friends took existing credentials leaked in past attacks and banked on staff reusing passwords and login data.
As no security professional will be surprised to learn, it was very successful. Onus admitted to embezzling about $800,000 in stolen funds using hacked work accounts at US companies from July 2017 to 2018.
“Charles Onus has admitted to being part of a scheme to steal hundreds of thousands of hard-earned dollars from workers across the United States by hacking into a payroll company’s system and diverting payroll deposits to prepaid debit cards that he controlled,” noted Damian Williams, U.S. Attorney for the Southern District of New York.
“Our office will continue to work with our law enforcement partners to zealously arrest and prosecute those who seek to commit cybercrimes targeting Americans behind a keyboard overseas.” ®