The attack reportedly completely compromised Nvidia's internal systems.

Edward Gately, Senior News Editor

February 28, 2022


Artificial intelligence (AI) computing giant Nvidia reportedly is investigating a potential cyberattack carried out by the Lapsus$ ransomware gang.

According to The Telegraph, Nvidia experienced a “devastating” cyberattack that “completely compromised” the company’s internal systems last week.

Bloomberg also reports that the Nvidia cyberattack appears to have been a ransomware attack that’s not connected to the crisis in Ukraine, citing a person familiar with the incident. The hack looks to be relatively minor and not fueled by geopolitical tensions.

“We are investigating an incident,” an Nvidia spokesperson said. “Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.”

Nvidia High-Profile Target for Cybercriminals

Pan Kamal is head of product at BluBracket, a provider of code security solutions.


“Nvidia produces the most widely used computing accelerators used for everything from gaming to crypto mining, to industrial and scientific supercomputing applications,” he said. “This makes them a high-profile target for attacks of all types.”

Processor, chip and board-level design today are largely completed in software prior to committing to silicon or other physical forms, Kamal said. The lines between application, system and infrastructure are blurring as infrastructure as code (IaC) becomes the norm.

“Fundamentally, everything is code and it stands to reason that this code must be protected,” he said. “A key element in protecting IP for these companies is focusing on the internal software supply chain. Most code resides in Git repositories. Attackers have set their sights on these fat and juicy stores of code looking for weaknesses that they can exploit. It is imperative to detect and prevent code risks in these repositories.”

Though early reports suggest this was a ransomware attack, the broad use of their hardware leads to equally broad use of the special purpose drivers and SDKs required to use that hardware, Kamal said.

“If attackers were able to breach the company’s code [repositories] or continuous integration/continuous deployment (CI/CD) systems, that could lead to a devastating software supply chain attack on users of Nvidia products,” he said. “Because the company’s software is not open source, the company may have to take special efforts to demonstrate that its systems are free of persistent threats, and the software it produces has not been tampered with.”

Full Impact of Attack Still Unknown

Mike Parkin is senior technical engineer at Vulcan Cyber.


“There’s not enough information available publicly to know if this was a unique or unusual attack,” he said. “Though it does show that even a company like Nvidia, with a mature security stack, can be a victim.”

Nvidia claims their operations remain uninterrupted, Parkin said. However, there’s no way to tell how significant the incident is until more information becomes available. It depends largely on what data was accessed and what the attackers choose to do with it.

As for whether this attack could have been prevented, the answer is maybe, he said.

“The threat actor that claimed responsibility for the Nvidia attack is relatively new and appears to be active,” Parkin said. “We’re likely to see more from them until they change their profile. It’s not uncommon for these groups to rebrand themselves, merge with another group, or otherwise change their image, so old threat actors become new again.”


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
