Why do hackers always target semiconductor companies?

Recently, the semiconductor industry has been far from calm. Hacker extortion incidents aimed at industry giants are spreading rapidly: from chip designers such as Nvidia to chip foundries such as Samsung and Universal Crystal, all have been threatened by hacking organizations.

This wave of extortion began with the cyber attack that the hacking group Lapsus$ launched on Nvidia on February 23 this year. At the time, the group claimed that it had successfully stolen more than 1TB of data, some 400,000 pieces in all, including Nvidia's core technical files and the personal data of NVIDIA employees. The incident caused an uproar in the semiconductor industry, and no one knew who the group's next target would be.

What many people did not expect was that Samsung would become the group's next target. According to Yonhap News Agency, on March 4 the hacking organization Lapsus$ announced that it had broken into Samsung Electronics' servers and stolen a large amount of source code, 190GB of data in total, which included confidential information such as biometric unlock information and Samsung account authentication information, and even some source code from Qualcomm.

(Source: Chosun, Samsung Electronics formally responds to the hacking incident)

Although Samsung made an official statement today, saying that the data breach only involved part of the source code related to the operation of Galaxy mobile phones and would not have any impact on the company's business or customers, the recurrence of such security incidents has cast a shadow on the development of the semiconductor industry. The question is, why does this always happen in the semiconductor industry?

The shaken giants

Recently, life has not been peaceful for the semiconductor giants.

On the morning of February 25, according to the British media "Daily Telegraph", NVIDIA's email system and developer tools had been difficult to operate for the previous two days due to malicious cyber attacks. Subsequently, an NVIDIA spokesperson said that the company had detected the occurrence of a "cybersecurity incident" on February 23, and although there was no evidence that the incident was a ransomware attack, the attacker did steal employee credentials and proprietary information.

The next afternoon, the hacking group Lapsus$ announced on Telegram that it was behind the cyberattack on Nvidia and claimed to have stolen more than 1TB of data, including hardware schematics and software source code. If NVIDIA refused to cooperate, the group said, it would disclose all of the data in five releases.

As the leader of the industry, NVIDIA is no pushover, and in the face of the provocation from Lapsus$ it immediately struck back.

In the early hours of Feb. 27, Lapsus$ suddenly launched into a tirade on social media. The group said that, by way of the backdoor it had left in NVIDIA's systems, NVIDIA had hacked back into its machine and encrypted the hard disk containing the data. However, the group had already backed up all of the data in advance, so NVIDIA's effort came to nothing in the end.

Having been hacked back, Lapsus$ was naturally not going to give up. As it had said it would, Lapsus$ began gradually making Nvidia's data public on Feb. 28. The first wave of leaked data contained more than 400,000 documents, including 71,000 employee emails and passwords; NVIDIA employees confirmed the data and said they had been affected.

(Official confirmation that employee information was leaked)

According to observers online, this batch of code also contains many clues to NVIDIA's future products, including NVIDIA's unreleased flagship graphics card, the RTX 4090, which is codenamed AD102 and has a 384-bit bus, 24GB of video memory and 96MB of L2 cache, as well as the processor of Nintendo's next-generation game console, which is codenamed NVN2 and is expected to use DLSS technology.

To this day, NVIDIA has not met the demands of Lapsus$. Considering that the hacking organization still holds a lot of internal information, the standoff between the two sides is expected to continue.

Interestingly, before the Nvidia affair had subsided, Lapsus$ set its sights on the next victim. According to the technology website BleepingComputer, Lapsus$ recently uploaded a large amount of confidential data allegedly from South Korean giant Samsung Electronics.

The batch of materials, which is said to be nearly 190GB, is split into three compressed files that are available for download through a peer-to-peer network. According to the description, the data includes the biometric unlocking device algorithm, some of the basic service source code, and even confidential source code from Qualcomm.

(Source: BleepingComputer)

If what the hackers say is true, Samsung is clearly facing a very serious security incident. For Samsung itself, for Qualcomm and for Samsung users alike, it is a complete disaster.

From the clues available so far, it is not clear why Lapsus$ attacked Samsung, what demands it made, or whether it attempted extortion for gain. Judging from the attitudes of both parties, Samsung Electronics may have flatly rejected the ransom demand, and Lapsus$ also knows that the value of the data in its hands is not high, which led directly to the public disclosure of this sensitive data. Samsung has not publicly commented on the extortion incident for the time being.

Who exactly is Lapsus$?

Many people will wonder: who exactly is Lapsus$, the group that has been making such a big splash recently?

Xue, a senior analyst at cybersecurity firm Digital Shadows, said Lapsus$ is likely to be an emerging hacking group of South Americans. The group was born in 2020 and attacked the database of the Brazilian Ministry of Health that year, not only leaking up to 50 terabytes of national data from the ministry but even deleting this information from the official database as a means of extortion.

Lapsus$ has been in the spotlight of security researchers ever since. Meanwhile, Lapsus$ has continued to attack other businesses, such as the Portuguese media group Impresa and the South American telecommunications providers Claro and Embratel, and has become infamous in South America. But what really brought the organization to wider attention was the cyberattack on NVIDIA at the beginning of this year.

Although Lapsus$ has broken into government and corporate databases several times, it never seems to have achieved the results it wants. Judging from the data provided by the security company, in the face of the extortion demand from Lapsus$, the Brazilian Ministry of Health said that it could recover the destroyed data within a month, and the South American companies basically gave no direct response. As for the group's demand to NVIDIA, it was completely ignored.

Even so, Lapsus$ seems to be getting more and more frustrated and keeps going after tech companies. According to foreign media reports, yesterday evening the South American e-commerce and payment platform Mercado Libre was attacked by Lapsus$, and the data of more than 300,000 users was accessed by the hackers. On its Telegram channel, Lapsus$ is constantly asking its followers for suggestions as it looks for the next target.

Jon Andrews, vice president of security analytics platform Gurucul, said Lapsus$'s move is different from regular hacking platforms and that the group's motivation may be more than just extortion. "If you want money, it's more useful to simply encrypt the victim's data and ask for a ransom," Andrews said. "Targeting only large companies and soliciting targets from fans are clues that they are not just trying to make a quick profit, and it is not clear whether their ultimate goal is to increase influence, steal intellectual property, or launch a commercial attack."

Cybersecurity: a mess

Cybersecurity, a chicken feather

For many readers, what has happened recently is somewhat beyond imagination. NVIDIA and Samsung Electronics are both deservedly regarded as giants of the semiconductor industry, with the top level of technology in the entire industry. Does it really make sense that such behemoths could be attacked by a hacker organization that came out of nowhere, and have not even the slightest countermeasure?

In fact, cybersecurity awareness in the semiconductor industry may be much worse than you might think. From the end of 2020 to the present alone, there have been ransom incidents at wafer foundry leader X-FAB, semiconductor giant Foxconn, industrial automation and industrial Internet of Things giant Advantech, and flash memory giant SK Hynix, with ransoms generally reaching more than 10 million US dollars. And this is just the tip of the iceberg of the state of network security in the global semiconductor chip industry.

According to a research report presented by BlueVoyant last year, the vast majority of semiconductor industry chain companies around the world currently have very serious security vulnerabilities, which may be exploited by malicious hacking groups at any time.

According to BlueVoyant, it surveyed the 17 most outstanding companies in the global semiconductor supply chain; 88% of the surveyed companies have serious and high-risk vulnerabilities, and 94% have high-risk ports openly exposed. Network defenses with this many vulnerabilities make it easy for attackers to gain a foothold in a system and cause huge losses.

Personally, I believe that to reduce network risk, semiconductor companies should work on two major aspects: prevention beforehand and emergency response afterwards. First of all, now that a large number of information and intelligent systems are online, semiconductor companies should regularly carry out network security awareness training to help employees build sound security awareness and to prevent them from making low-level mistakes such as "leaking information".

Secondly, semiconductor companies should work with network security companies to establish enterprise security protection programs. In addition to deploying professional firewalls to monitor the intranet in real time, they should also strengthen control over servers, network security equipment and computer rooms, so as to deal effectively with external and internal network threats and to protect the data security of production materials and office networks.

Finally, semiconductor companies must establish a complete after-the-fact emergency response mechanism. To prevent a hacking team from locking up important information through a network attack, enterprises should back up important data to offline local servers every three days or every week, so that in the event of a data breach they can raise the alarm promptly and limit their losses.
