If you or your business has started seeing more spam, phishing, signs of identity theft or outright malware, it may be because of a massive hack of two major tech giants.
American chipmaker Nvidia (NVDA) has been fending off the fallout from a major cyberattack for several weeks now, and Korean giant Samsung (SSNLF) recently disclosed that it has been targeted by the same group of hackers.
The Lapsus$ extortion group, often described as a ransomware gang although its playbook here was data theft and extortion rather than file encryption, claimed responsibility for the Nvidia breach last week, and its demands escalated as the company neared the hackers' March 4 deadline.
What Did the Group Want?
The group wanted Nvidia to remove its Lite Hash Rate (LHR) limiter, which cryptocurrency miners resent because it throttles the rate at which ether can be mined on the company's RTX 30 series graphics cards.
Nvidia introduced that limiter deliberately, to steer its gaming cards toward gamers rather than miners, so a public reversal under extortion was never likely.
The group then claimed responsibility for a cyberattack on Samsung, in which it reportedly stole about 190 gigabytes of highly sensitive data, including confidential source code and a host of other internal information.
How Long Has This Been Going On?
Samsung did not give a timeline for its breach, but Nvidia said it became aware of its incident on Feb. 23, so both intrusions may have been under way for some time before they were noticed.
Lapsus$, reportedly based in South America, did not make public any ransom demand for Samsung.
But when Nvidia did not meet its demand (or at least did not say so publicly), the group leaked the stolen data, which included two of Nvidia's code-signing certificates, and malware signed with those certificates soon began circulating on the internet.
Does This Mean You Have Been Hacked?
Now the leak is being put to use. Multiple hack-tracking sites have reported malware spreading in large numbers that carries genuine Nvidia code signatures, which lets it install drivers on computers, particularly Windows machines, that trust Nvidia-signed code.
The malware is signed with two certificates issued by Verisign to Nvidia Corp., both of which have expired, one in 2014 and one in 2018.
Although they are expired, security researcher Bill Demirkapi told tracking site Tom's Hardware that Windows still accepts them as legitimate driver signers. The reason is a legacy clause in Windows' kernel-mode driver signing policy: drivers signed with certificates issued before July 29, 2015 are still allowed to load, and driver loading does not enforce the certificate's validity period, which is also why old, legitimately signed drivers keep working after their certificate expires.
“A long list of malware seems to have been seeded, now certified as genuine Nvidia code. Among the suspicious packages, many seem to be infected with Mimikatz, a program used to extract passwords, PINs, and similar from a computer’s memory that falls victim to it,” the site reports.
So How Can You Stay Safe?
For now, if you are running Windows, it may be time to call IT or find a way to block code signed by those specific certificates, identified by certificate serial number or thumbprint rather than by the Nvidia name alone.
Be aware that a blanket block will also catch legitimate older Nvidia drivers that were signed with the same certificates before they expired, so test any block before rolling it out widely; blocking a display driver can leave a machine with no working graphics driver at all.
“Computer administrators can block code signed by the rogue certificates from running on machines using Windows Defender Application Control policies to control what Nvidia drivers can be loaded,” Tom’s Hardware said.
“However, this is an advanced configuration process, so it is hoped Microsoft will provide user updates to revoke the stolen certificates,” it said. “However, such a sweeping action by Microsoft might block some older, legitimate Nvidia drivers from working on Windows 10 and 11.”
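The following PowerShell script is an added example, not code from the original article, Tom's Hardware or Nvidia, of the hunt an administrator would run before blocking anything. It walks the Windows driver and system directories, reads each binary's Authenticode signature and flags signers that match what the article describes (issued by VeriSign to NVIDIA Corporation, expired in 2014 or 2018). The paths, the year list and the triage heuristic are assumptions of this example. To separate legitimate old Nvidia drivers from post-leak malware it looks at the timestamp countersignature: a genuine driver was timestamped while the certificate was still valid, whereas a file with no timestamp, or one whose timestamp-authority certificate was issued only after the signing certificate expired, was necessarily signed after expiry.

```powershell
# Added example: hunt for Windows binaries signed with the leaked Nvidia
# code-signing certificates. Not code from the article, Tom's Hardware or
# Nvidia. Requires Windows PowerShell 5.1 or PowerShell 7; run elevated so
# every file under the system directories is readable.
param(
    # Assumed locations to sweep; extend with driver package stores as needed.
    [string[]]$Paths = @("$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32"),
    # Expiry years of the two leaked certificates as reported (2014 and 2018).
    [int[]]$SuspectExpiryYears = @(2014, 2018)
)

function Test-LeakedNvidiaSigner {
    # True when the signer matches the description of the leaked certificates:
    # issued by VeriSign to NVIDIA Corporation, expired in one of $Years.
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int[]]$Years
    )
    if ($null -eq $Cert) { return $false }
    return ($Cert.Subject -match 'NVIDIA Corporation') -and
           ($Cert.Issuer  -match 'VeriSign') -and
           ($Years -contains $Cert.NotAfter.Year)
}

function Get-SignatureTriage {
    # Heuristic, not proof: a genuine Nvidia driver was countersigned by a
    # timestamp authority while the certificate was valid. A file with no
    # countersignature, or one whose TSA certificate only came into existence
    # after the signing certificate expired, was signed after expiry, i.e.
    # after the leak. (A timestamp can be no earlier than its TSA certificate.)
    param([System.Management.Automation.Signature]$Sig)
    $tsa = $Sig.TimeStamperCertificate
    if ($null -eq $tsa) { return 'HIGH: no timestamp countersignature' }
    if ($tsa.NotBefore -gt $Sig.SignerCertificate.NotAfter) {
        return 'HIGH: timestamped after signer certificate expired'
    }
    return 'LOW: timestamped while certificate was valid (likely legitimate old driver)'
}

$findings = foreach ($path in $Paths) {
    Get-ChildItem -Path $path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.sys', '.dll', '.exe' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if (Test-LeakedNvidiaSigner -Cert $sig.SignerCertificate -Years $SuspectExpiryYears) {
                [pscustomobject]@{
                    File       = $_.FullName
                    Status     = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                    Serial     = $sig.SignerCertificate.SerialNumber
                    Thumbprint = $sig.SignerCertificate.Thumbprint
                    NotAfter   = $sig.SignerCertificate.NotAfter.ToString('yyyy-MM-dd')
                    Triage     = Get-SignatureTriage -Sig $sig
                }
            }
        }
}

if (-not $findings) {
    Write-Host "No binaries signed with the suspect Nvidia certificates found under: $($Paths -join ', ')"
} else {
    $findings | Sort-Object Triage | Format-Table -AutoSize
    # The unique thumbprints and serials are what a WDAC deny-signer rule or a
    # certificate-level block needs. Legitimate old drivers share them with the
    # malware, so triage the LOW rows before turning the list into a block.
    $findings | Select-Object -ExpandProperty Thumbprint -Unique
}
```

Save it under any name (for instance the hypothetical `Find-LeakedNvidiaSigner.ps1`) and run it from an elevated prompt; pass `-Paths` to sweep download folders or file shares as well. The script only reports. Turning its thumbprints into a Windows Defender Application Control deny rule is the blocking step the Tom's Hardware quote refers to, and the LOW rows are exactly the older legitimate drivers such a rule would also break.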
Malware Tensions Are High
Market watchers have been closely following the hack as NATO and its allies stepped up sanctions on Russia following its invasion of Ukraine, with chipmakers near the top of the list of companies that will stop doing business with the country.
The sector itself has been on high alert during Russia's conflict with Ukraine, with many chipmakers bracing for malware and other forms of cyber warfare after American manufacturers and their products were brought into the sanctions regime against Russia.