With the internet, spying doesn't require sending a person behind the enemy lines. Instead, espionage has gone global, and hackers can do this while sitting behind their desks, halfway across the globe.
In fact, they can also do this through their laptops in a public space at restaurants, as long as there is an internet connection. Hackers can also do this while lying on their beds in their bedrooms in their pajamas.
One day after Microsoft confirmed that it was hacked by the hacker group Lapsus$, Nvidia's CEO Jensen Huang shared his thoughts regarding his own company’s experience with the hacker group.
According to the CEO speaking to Yahoo! Finance:
The CEO said that Nvidia became a victim of Lapsus$' hack in February 2022, and that proved the company needs to move to a "zero trust" security stance.
By moving to "zero trust," Nvidia should treat everyone inside the company a potential security threat. From executives to those with the least salary should not be trusted.
Going to more details, zero trust security essentially means that companies should not trust anyone who has access to its systems and/or services.
While extreme precautions apply to anyone without usernames, passwords, and multi-factor authentication, zero trust security procedures is meant to continuously check those people to determine whether they are indeed authorized to access any other parts of a company’s systems.
Even when the users are already verified.
"The path to a zero trust data center starts with the technologies that we're building," Huang said.
And when dealing with multi-factor authentication, Huang admitted that the procedure can be a burden.
"So now, this has happened to us, and the discipline around it, the rigor around it has gone through the roof, which is fantastic. But long term, we have to make it possible for our data center to literally be completely wide open, completely exposed, and yet be completely secure," he said.
"And so we have to really bring accelerated computing into the enterprise…and we know how to do that. I’ve just got to go do it."
While Nvidia didn't provide details on how Lapsus$ managed to hack its systems, Huang stressed that most cybersecurity threats come from within an organization.
For example, threats can come in the form of an employee’s credentials, their username and password, being stolen or otherwise compromised.
This is why Huang considers zero trust as the way out.
Besides hacking Nvidia and Microsoft, Lapsus$ has also hacked Samsung, Ubisoft and others.
Just like any other hackers working with a global reach, Lapsus$ has taken advantage of remote work that became common throughout the COVID-19 pandemic.
Being away from office means that employees have to connect to the internet with means provided by their employers, in order to work. While this can be a convenient to some employees, this practice can make businesses more vulnerable to hacks.
And Lapsus$ isn’t a traditional ransomware organization.
Rather than just encrypting victims' data for ransom, the group also extorts its victims data, before then threatening them to leak it online if they don't pay up.
In Nvidia's case, things were rather different. Instead of demanding money, the hacker group that gained access to Nvidia's source code, ordered it to remove limitations on its graphic cards that make them less useful to cryptocurrency miners.