Latest cyberattack on Nvidia is just the tip of the iceberg

2 Mar 2022

Image: © RVNW/Stock.adobe.com

News of the Nvidia hack came around the same time as insurance giant Aon and carmaker Toyota were also hit in unrelated cyberattacks.

Last week, it was reported that chipmaker Nvidia was investigating a potential cyberattack. The company confirmed yesterday (1 March) that it became aware of a breach on 23 February and that the “threat actor took employee credentials and some Nvidia proprietary information from its systems”.

Data was allegedly stolen by ransomware group Lapsus$. The group claims to have files on Nvidia GPU drivers, which could allow hackers to turn every Nvidia GPU into a bitcoin mining machine.

According to SonicWall’s VP of platform architecture, Dmitriy Ayrapetov, this type of attack is known as cryptojacking.

“Cryptojacking victims are usually unaware that their device, whether it be a computer, phone or virtual machine, is being used to mine cryptocurrency,” he said.

“The attack has primarily settled into being performed via some executable, whether standalone or part of a larger software package, and is distributed via most common malware distribution methods – malicious emails, attachments, drive-by downloads and, in some cases, embedded cryptojacking browser scripts.”

Warning signs

Nvidia was just one company to be hit with a cyberattack in the last week. Insurance giant Aon, which has around 50,000 employees worldwide, disclosed it had suffered a cyberattack on 25 February that affected “a limited number of systems”.

While the company said the attack did not have a significant impact on its operations, infosec experts have raised concerns for the insurance industry as a whole.

Sam Linford, a vice-president at cybersecurity company Deep Instinct, said the attack on Aon is “a warning sign” to insurance companies that they are a popular target.

“The valuable data held by insurance companies is an attractive target for cybercriminals, which means that the industry has to make sure that they implement solutions which prevent data from being breached,” he said.

“With some of the fastest ransomware now encrypting within 15 seconds of being executed, organisations need to look towards prevention-first solutions.”

Paul Prudhomme, head of threat intelligence at infosec company IntSights, added that although Aon was able to limit the impact of this attack, other cyberattacks in the insurance industry have caused significant damage.

“Data stolen from companies normally ends up being bought and sold on hidden forums and marketplaces in the dark web. Securing customer data and knowing who is likely to attack should be top priority for organisations.”

Volatile times

Meanwhile, carmaker Toyota was also affected by a cyberattack, which led to the temporary closure of 14 of its factories in Japan.

The attack itself was actually on Kojima Industries, a supplier of plastic parts and electronic components for Toyota.

The carmaker said in a statement: “Due to a system failure at a supplier in Japan, we have decided to suspend the operation of 28 lines at all 14 domestic plants on [1 March].”

Oliver Pinson-Roxburgh, CEO of cybersecurity company Bulletproof, said Toyota fell victim to “a textbook case of supply chain attack”.

“Businesses are increasingly interconnected with partners and suppliers, so supply chain attacks are a growing risk,” he said. “This is a massive threat vector for bad actors to exploit as it can not only impact the company under attack but, as in this case, it can lead to third-party suppliers becoming victims.”

Last year, another supply chain attack affected up to 1,500 businesses worldwide. Miami-based software supplier Kaseya reported a “sophisticated attack” on its VSA software, a set of tools used by IT departments to manage and monitor computers remotely.

According to Bulletproof’s latest cybersecurity industry report, up to 40pc of cyberthreats are now occurring indirectly through the supply chain.

“It is not enough for businesses to focus on cybersecurity for just their core corporate network,” said Pinson-Roxburgh. “Every endpoint across an organisation’s technology portfolio needs to be accounted for and protected.”

Tim Wallen, UK and Ireland regional director of LogPoint, said reports of the Toyota cyberattack “serve as a warning in these volatile times”.

“While the manufacture of cars is not necessarily critical to societies, it’s a warning of how cyberattacks can influence in real life, not limited to leaks of digital information or systems being held for ransom.”

A tipping point

The last two years have highlighted more than ever how much the threat landscape has grown and evolved. Some of the major cyberattacks that have shaken the world recently include the HSE ransomware attack in Ireland, the attack on the world’s largest meat producer, the cyberattack on a major US gas pipeline and, most recently, the wave of cyberattacks hitting Ukraine.

SonicWall’s latest cyberthreat report highlights the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

The report also showed that cryptojacking has increased by 19pc. It stated that while cryptojacking volume didn’t see the sort of increases that were observed with ransomware and encrypted attacks, “this moderate increase was still enough for 2021 to set a new all-time record”.

While the stats paint a worrying picture for the growing threat of cyberattacks, they also serve as an important reminder that leaders need to make security a top priority.

“Realistically it’s not possible to stop every single attack,” said Jamie Moles, technical manager of infosec company ExtraHop.

“Preventing criminals from entering the network is still important, but IT security needs a plan for when an attack or intrusion does happen to catch determined threats as quickly as possible before too much damage is done. Ensuring good protocol, network segmentation and behavioural monitoring of the environment is essential for organisations to help protect themselves.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com