At a glance.
- Ransomware at NVIDIA.
- Aon investigates cyber incident.
Stolen NVIDIA employee info published by hackers.
Multinational gaming and computing tech company NVIDIA has confirmed that employee data were compromised in a cyberattack that occurred last month, and the attackers have begun publishing that data online. "We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information,” an NVIDIA spokesperson told Security Week. The Lapsus$ ransomware gang has taken credit for the hack, claiming on a Telegram channel that they pilfered more than a terabyte of NVIDIA data and posting samples of the information online. The company’s ongoing investigation into the attack has not yet revealed any evidence of ransomware.
Neil Jones, Cybersecurity Evangelist at Egnyte, sees a lesson for access management:
"In light of the escalating volume of cyber-attacks, organizations need to solidify their access management practices, reduce potential cyber-attack surface by limiting users' access to highly-sensitive information based on "Business Need to Know" and enact or update quarterly cyber-security awareness training. The NVIDIA attack is a textbook example of how attackers have extended their reach beyond companies' PII, PHI and financial information, to confidential product schematics and source code. The best way to manage a cyber-attack is to prevent it in the first place, and the best ransom payment is the one that's never made. Companies can usually weather major cyber-storms by developing a comprehensive and effective Incident Response plan, which can be adapted to rapidly-changing circumstances."
Gal Helemski, CTO and co-founder of PlainID, looks at the benefits a zero-trust approach to identity can begin:
"Seeing Nvidia suffer a data breach highlights a critical aspect with modern-day security. When it comes to internal breaches where networks are compromised, identity is still the number one challenge. Organizations must adopt a 'Zero Trust' approach, which means trusting no one – not even known users or devices – until they have been verified and validated. Access policies and dynamic authorizations are a crucial part of the zero-trust architecture, as they help to verify who is requesting access, the context of the request, and the risk of the access environment.
"Instead of pouring more money into a shotgun approach to security, organizations need a more focused strategy oriented on purchasing the highest reward tools. Identity and authorization are where the smart money should be going. If we assume hackers are already in the network, it makes sense to focus budgets on technologies that restrict movement inside the network.”
Aon targeted by hackers.
Insurance broker Aon submitted an 8-K filing with the US Securities and Exchange Commission on Monday disclosing it experienced a recent cyberincident. Detected on February 25th, the incident impacted only a “limited number of systems,” according to investigation results so far. Aon, the second-largest insurance broker in the world with approximately 50,000 employees across one hundred twenty countries, stated, “Although the Company is in the early stages of assessing the incident, based on the information currently known, the Company does not expect the incident to have a material impact on its business, operations or financial condition.” Sam Linford, VP Channel & MSSP EMEA at Deep Instinct, told Security Week, “The valuable data held by insurance companies is an attractive target for cyber criminals, which means that the industry has to make sure that they implement solutions which prevent data from being breached. AON were able to limit the impact of the attack to a few systems due to acting quickly and having a response method in place.” As Computing notes, hackers allegedly connected to the REvil ransomware group recently stated that insurance firms and brokers were at the top of their target list, as these companies maintain valuable data about their clients’ cybersecurity strategies, as well as insurance details indicating which clients are more likely to pay up in the event of a ransomware attack. That said, Aon’s investigation into the incident has not yet shown any indication of ransomware on their systems.