Nvidia hit with a Major Cyberattack

All I know of this weekend's leaks are that they published NVidia's driver certificates so malware publishers can use them to certify the installers.

Wonder how long it's going to take to get those invalidated.

The leaked certificates are already in circulation and new malware/virus variants are already popping up using them.

There is a registry tweak for how to prevent Windows from validating them, because Windows will still allow the installation of expired certs for legacy reasons.
This is why it drives me crazy that people link to third-party sites for drivers all the time instead of the source.
 
So I didn't see actual confirmation I trust. Did they leak what they promised? If so, how do you guys think that will affect Nvidia in the future?
I'm aware only of the code-signing certificate issue that has already been mentioned by Lakados (links below were chosen somewhat arbitrarily from Google's unbiased rankings):
https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
https://www.bleepingcomputer.com/ne...ing-nvidias-stolen-code-signing-certificates/
bleepingcomputer.com said:
To prevent known vulnerable drivers from being loaded in Windows, David Weston, director of enterprise and OS security at Microsoft, tweeted that admins can configure Windows Defender Application Control policies to control what NVIDIA drivers can be loaded.
Besides that, the release of internal Samsung data by the same group has received some attention, which polonyc2 mentioned earlier in this thread, but that appears unrelated to the NVIDIA incident.

I'm a bit surprised by how relatively quiet the weekend was, as I expected a circus even in the absence of further leaks, but the less attention the hackers receive the better; that is, after all, exactly what the spoiled brats crave. One possible explanation for the silence is that the hackers reside in one of those alternate universes such as the multiverse, metaverse, or even NVIDIA's Omniverse™, in which some sort of weird time zone applies such that Friday has not yet occurred. Another one is that they're full of shit and were bluffing. I'll leave it to you to decide which of the two is more probable.

I should note that I avoid mainstream social media like the plague, so anything restricted to that domain would've gone unnoticed.
 
Well, you have to give your users access to the data somehow. How would such a system work? Users log in to a virtual environment that has an encrypted connection to somewhere else? That adds latency, time and complexity.

Even if you made some fake honeypot for hackers, totally separate, how much information will you really get from them, and what is the incentive for a company to set up the extra expense?

It sounds like a great idea (that's why I am asking), just don't see how it would be practically implemented.
lol, asking a non-security dude how. Anyways, this hack has been bad so far for Nvidia and can become very disastrous for them, equivalent maybe to if the Pentagon got hacked, or Lockheed Martin got hacked for all the schematics for the next fighter jet. So from an utter non-expert, one can think out of the box, literally out of the box in this case.
1. Principles that deter
   1. Data overload: 1 TB of encrypted data mixed in with multiple encrypted pockets (different encryption per pocket, hundreds of them), let's say 1000 TB of Jensen's leather jackets, files with different artificial lengths, data etc. with various code names
      1. I do not see latency as a problem. Reason -> Netflix servers with tens of thousands of TB of information (shows, movies etc.) can send to your TV packets of information out of many from this collection of data, in real time, uninterrupted, as correctly streamed video. In Netflix's case, to millions of users, packet by packet almost randomly as needed depending upon the content stream rate required.
      2. Files streamed to an authorized person, besides being encrypted, are bloated with useless information entangled with the real data; the authorized user's hardware, with a new live encrypted key, will decrypt the usable packets (random changes in key during the session)
      3. All output from the hardware is encrypted, so screen captures/keyboard/video and files would become worthless
      4. All files on the hardware encrypted, key controlled by Nvidia (as in AI controlled)
   2. False files, source code etc. that turn out to be pure gibberish -> use that Nvidia AI to simulate complete garbage from old source files or randomized open source files
2. Access restrictions beyond the norm:
   1. Hardware as well as individual identification:
      1. 2-factor access or more: person and approved hardware for that person
      2. Hardware used and person authenticated together
      3. A separate dongle, owned only by that person, may also be required
   2. With the above, a live test
      1. Approved person, hardware and maybe unique dongle verified
         1. Live video looking at the user (monitor camera or other); the monitor will turn different shades of color to verify the server is actually connected to the approved user and hardware. Example: the screen turns all green, blue etc., which the camera will show happening, verifying user and hardware to the server.
            1. Or commands for the user to raise the right hand, a number of fingers, blinks and so on for the AI
         2. AI will identify the person as the approved user to allow access, facial recognition on top of the above
3. Allow hackers controlled access (unbeknownst to them) to track and give information to local governments. Even false information dealing with hackers caught and turned over to authorities for investigation, staged deterrence. While all the above can be hacked with ever more difficulty, this one makes it become a gamble for a hacker
Anyways, the data breach with Nvidia points clearly to the security field having much room to grow and improve. Now, will a true security expert really explain why Nvidia failed, the weakness that was exploited and why it happened, and most importantly how to ensure it could never happen?