In brief Nvidia is probing a cyberattack that caused outages within its internal network.

It’s said that email and developer systems were knocked over during the intrusion, which was discovered three days ago. The GPU giant continues to investigate.

In a statement, an Nvidia spokesperson told The Register on Friday: “Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.”

A source speaking to Bloomberg described the security breach as relatively minor, and said it was not connected to Russia’s invasion of Ukraine.

In an updated statement on February 28, Nvidia told us it does not believe ransomware was involved but that data was stolen from its network and leaked online:

The LAPSUS$ cyber-extortion gang took credit for the intrusion, and alleged it stole 1TB of schematics, driver and firmware code, documentation, SDKs, and more. The crew claimed it leaked a 19GB archive of those files online, which includes what may be the source code to Nv’s Deep Learning Super Sampling (DLSS) and other components.

The crooks said unless Nvidia releases a software update that removes its recent crypto-coin mining limiter, they will leak what sounds like internal hardware documents – a hw folder, specifically. Curiously, the gang is also selling what it claims to be a tool that removes the mining limiter.

Separately this week, a Windows application called Nvidia RTX LHR v2 Unlocker was released that claimed to eliminate the mechanisms Nvidia put in place to hamper the mining of cryptocurrencies on graphics cards aimed at gamers.

Now the Red Panda Mining forum has issued an alert, saying not only does the program not actually bypass Nvidia’s mining limiter, but on installation it infects the system with malware, including a remote-control backdoor and code that extracts digital money stored on the machine. Below is a video with more info:

Youtube Video

Bottom line is, don’t install this application.

Anonymous says it’s at war with Russia, Conti threatens retaliation

As the Russian invasion of Ukraine continues, two notorious internet bodies are picking sides.

On Thursday a Twitter account associated with the Anonymous collective declared it was urging members to attack Russian government and commercial websites in light of the occupation. It apologized to Russians caught up in the cyber-assaults, and said President Putin’s unprovoked military action could not be allowed to go unchecked.

“We, as a collective want only peace in the world,” the Anons said. “We want a future for all of humanity. So, while people around the globe smash your internet providers to bits, understand that it’s entirely directed at the actions of the Russian government and Putin.”

Shortly afterwards the websites of Russian state-controlled channel RT and the state-owned Gazprom power company, as well as some government sites, disappeared offline. Anonymous claimed its people were behind the outages.

Then on Friday the Conti cyber-criminal gang, which is based in Russia, warned it too was stepping into the fray. Conti, which was responsible for last year’s crippling of the Irish Health Service via a ransomware attack, said it did not support the war, nor was it acting at the behest of the Russian government, but would retaliate against any cyberwarfare by the West.

“As a response to Western warmongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world,” it warned in a statement seen by El Reg.

The FCC, America’s communications watchdog, is reportedly attempting to identify telecoms providers and other companies it oversees that have close ties to Russia, in case a further crackdown on Moscow is needed following the invasion of Ukraine.

Ransomware attacks almost double and recovery rates are dropping

More bad news on the ransomware front this week, with a couple of reports claiming global infection rates went up 92.7 per cent last year and that recovering from an attack – even if you pay up – is getting harder.

NCC Group released figures indicating a huge jump in the use of ransomware, with America the top target at 53 per cent of monitored infections, and Europe at 30 per cent. The top targets remain government organizations and the industrial sector, which account for around 20 per cent each of the total.

“Many of the dangers which we first identified at the start of the pandemic have snowballed in 2021, revealing a developing threat landscape with ransomware attacks on the rise,’ said Matt Hull, NCC’s global lead for strategic threat intelligence.

And the news isn’t good for those afflicted either. ID management house Venafi this week reported that 35 per cent of those that actually paid the ransom still couldn’t get heir data back. In cases of double attacks, when the public exposure of stolen data is threatened, 18 per cent of those who paid still had their information leaked, compared to 16 per cent who suffered a similar fate after refusing to pay the ransom. 

Interestingly, the report noted that 32 per cent of attacks were employing so-called triple attacks, where the attackers use the purloined data to threaten suppliers and customers. Nearly two thirds of those surveyed said they would more likely pay up as a result of these extra threats.

America’s number one… in value to criminals, at least

An interesting analysis of adverts placed by access brokers, who sell access to compromised systems, has found Americans are still the top target, although the UK is only just second in terms of monetary value.

After going through two years of cyber-crime forum postings, the team at Crowdstrike noted that 55 per cent of ads were for US companies and individuals, and they topped the cost chart with an average value of $3,985 per system. The second most valuable nation was the UK, at $3,925, although it only accounted for 7 per cent of adverts.

Government institution access is the most expensive sector covered in the report, with an average cost of $6,151, closely followed by the finance industry. In some cases access brokers were charging five-figure sums for vital accounts.

“The academic sector has historically been a popular focus of ransomware operations, with intrusions timed to coincide with the start of a new school term to cause the greatest disruption and in turn encourage a quick ransom payment,” the report states.

“Almost 40 per cent of the academic sector advertisements were for access to US-based institutions, with a spike in activity noted in August 2021 that coincides with the start of the new semester.”

Low-tech cyber-fraudster admits crimes

A Nigerian credential-stuffer who managed to bilk HR departments out of around $800,000 pleaded guilty this week to one count of computer fraud in the Southern District of New York.

Charles Onus, 34, was arrested in 2021 in San Francisco on his way to Las Vegas after being accused of taking part in an organized campaign to target human resources and payroll staff to divert funds into other accounts. Rather than using high-level computer skills, Onus and his pals took existing credentials leaked in past attacks and banked on staff reusing passwords and login data. 

As any security professional will not be surprised to learn, it was very successful. Onus admitted diverting around $800,000 in purloined funds using the cracked work accounts at US companies from July 2017 to 2018.

“Charles Onus admitted to participating in a scheme to steal hundreds of thousands of hard-earned dollars from workers across the United States by hacking into a payroll company’s system and diverting payroll deposits to prepaid debit cards he controlled,” said Damian Williams, US Attorney for the Southern District of New York.

“Our office will continue to work with our law enforcement partners to zealously arrest and prosecute those who seek to commit cybercrimes targeting Americans from behind a keyboard abroad.” ®