Cyber Security

Module Code & Module Title: CC4004NI Cyber Security Fundamentals

Assessment Weightage & Type: 50% Individual Coursework

Year: AY 2022 - 2023

Student Name: Satyandra Kayastha


London Met ID: 22085599
College ID: NP01NT4S230016
Assignment Due Date:
Assignment Submission Date:
Word Count: 3126

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline for my assignment to be accepted and marked. I am fully
aware that late submissions will be treated as non-submission and a mark of zero will be awarded.

Table of Contents
Abstract
1. INTRODUCTION
   1.2 Aim of the report
   1.3 Objective of the report
   1.4 NVIDIA
   1.5 LAPSUS$ RANSOMWARE
   1.6 Lapsus$ Ransomware attack on Nvidia
2. SECTION 1
3. SECTION 2
   3.2 Governing bodies in the United States of America
   3.3 Governing bodies of Nepal
4. SECTION 3
   4.1 Duties as a CISO
   4.2 Security lessons from Lapsus$
   4.3 Protective measures as CISO
Conclusion
References
Appendices

Abstract

This report examines an advanced persistent threat (APT) style extortion attack on a business: the Lapsus$ group's 2022 intrusion into the American company Nvidia, which led to the loss of financial data, intellectual property and employee data.
Section 1 describes the attack and its effect on the company and its employees: when it happened, why the company was targeted and which mistakes made it possible.
Section 2 covers the governing bodies and laws that apply. It describes the United States agencies and legislation that govern Nvidia as an American company, and the Nepalese law that would apply if an attack of this type occurred in Nepal.
Section 3 presents, from the viewpoint of a chief information security officer (CISO), the duties of the role, the security lessons of the Lapsus$ campaign and the preventive measures that follow from them, which could later be formalised as cyber-security standards.
The conclusion summarises the significance of APT-style attacks, the role of national and international governing bodies, and the preventive measures against such attacks.

1. INTRODUCTION

Advanced persistent threats (APTs), cyber-attacks and malware deliberately disrupt networking systems and communication networks, causing service interruptions and damaging critical networking devices and cyber-infrastructure. A cyber threat is any hostile action that seeks to disrupt routine operations, gain unauthorised access to sensitive data or compromise a legitimate information system. In response, strong gateway defence mechanisms are required to protect edge networks from such attacks. (Shengjie Xu, Yi Qian, Rose Qingyang Hu, 2023)

1.2 Aim of the report:

- Find out about APT attacks in recent years.
- Gather information on the Lapsus$ group.
- Explain how Lapsus$ attacked Nvidia.
- Identify protection against Lapsus$.

1.3 Objective of the report:

- To understand APTs.
- To understand ransomware and data extortion.
- To know the relevant international and national governing bodies.
- To know the preventive measures and protection against APTs from the viewpoint of a CISO.

1.4 NVIDIA

Nvidia is an American multinational technology corporation headquartered in Santa Clara, California. It designs graphics processing units (GPUs) and application programming interfaces (APIs) for data science and high-performance computing, and is a leading hardware and software developer in artificial intelligence. Its GPUs are used in media and entertainment, engineering, architecture and scientific research.

Nvidia was founded on April 5, 1993 by Jensen Huang, Chris Malachowsky and Curtis Priem, with the goal of bringing 3D graphics to the gaming and multimedia business. (Nvidia, 2023)

1.5 LAPSUS$ RANSOMWARE

Lapsus$ is a hacker group that has been operating since at least 2019; its alleged mastermind was a 16-year-old from Oxford, England. The group is thought to be well organised and well funded, with members from around the world, and is known for high-profile attacks on government and business targets. (Forbes, 2023) Although the press, and this report, refer to it as ransomware, Lapsus$ is more precisely a data-extortion group: in its documented intrusions it stole data and threatened to leak it rather than encrypting victims' systems, and it relied far more on social engineering, SIM swapping, MFA-prompt bombing and bought or stolen credentials than on advanced malware.

Lapsus$ is believed to be South American (Brazilian) in origin, with additional members from Portugal and elsewhere in Latin America, although its membership spans the globe. (Ilascu, 2022)

The group kept a public profile, communicating regularly through Telegram and email, and made little technical effort to hide its members' identities. As a result, in March 2022 the City of London Police arrested seven people aged 16 to 21 believed to be members of Lapsus$. (BlackBerry, 2022)

1.6 Lapsus$ Ransomware attack on Nvidia

According to an IBM report, Lapsus$ got into Nvidia's internal network and stole data ranging from login credentials to trade secrets. As its ransom, the group demanded that Nvidia remove the cryptocurrency-mining limiter from its RTX 3000-series GPUs.

Lapsus$ told Nvidia that if the demand was not met by March 4, 2022 it would leak the trade secrets. Nvidia did not give in to the demand.

The group then leaked two of Nvidia's code-signing certificates. Attackers have since used them to sign malware so that it passes the built-in executable verification in Windows and Windows Defender, producing malicious programs that look like legitimate Nvidia software. Both certificates had already expired, but Windows still loads kernel drivers signed with certificates issued before July 29, 2015, so expiry alone did not neutralise them; defenders had to block the specific certificates explicitly, for example through Windows Defender Application Control policies.
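The leaked certificates show why "is the signature valid?" is too weak a question. The following Python is an added example for this report, not code from the original page, from Nvidia or from Microsoft: it implements a signer-certificate policy an organisation could apply to driver packages before allowing them, working on metadata that a practitioner would pull from a signature with a tool such as osslsigncode or signtool. The vendor name, serial numbers and dates are constructed assumptions.

```python
"""Policy check for a driver's code-signing (Authenticode) certificate.

Added example for this report; it is not code from the original page or
from Nvidia.  The metadata dict holds the fields a practitioner would pull
from a signature with a tool such as osslsigncode or signtool; all values
below are constructed for illustration.
"""
from datetime import datetime, timezone

# Windows keeps loading kernel drivers signed with certificates issued
# before 2015-07-29 even after those certificates expire, so a leaked
# certificate stays useful to an attacker long past its expiry date.
LEGACY_CROSS_SIGNING_CUTOFF = datetime(2015, 7, 29, tzinfo=timezone.utc)


def evaluate_signature(meta, denylist, now):
    """Return (verdict, reason) for one signer certificate.

    meta keys: subject, serial (hex string), not_before, not_after and
    signing_time (the countersignature timestamp, or None if absent).
    denylist: lower-case serial numbers the organisation refuses outright.
    """
    if meta["serial"].lower() in denylist:
        return "deny", "certificate serial is on the organisation's denylist"

    signing_time = meta["signing_time"]
    if signing_time is None:
        # Without a trusted timestamp the only reference point is "now".
        if now > meta["not_after"]:
            return "deny", "expired certificate and no countersignature timestamp"
    elif not meta["not_before"] <= signing_time <= meta["not_after"]:
        return "deny", "signing time falls outside the certificate's validity"

    if now > meta["not_after"] and meta["not_before"] < LEGACY_CROSS_SIGNING_CUTOFF:
        # Windows would load this; a stricter policy sends it for review.
        return "review", "expired legacy certificate that Windows still honours"
    return "allow", "signature within policy"


# Constructed sample: a long-expired certificate of a hypothetical vendor,
# standing in for the kind of certificate Lapsus$ leaked.
LEAKED_CERT = {
    "subject": "Example Vendor Inc.",
    "serial": "0a1b2c3d4e5f",
    "not_before": datetime(2011, 6, 1, tzinfo=timezone.utc),
    "not_after": datetime(2014, 6, 1, tzinfo=timezone.utc),
    "signing_time": None,
}
NOW = datetime(2022, 3, 10, tzinfo=timezone.utc)


def sample_verdicts():
    """Run the policy over constructed cases and return the verdicts."""
    abused = dict(LEAKED_CERT)  # malware signed in 2022, no timestamp
    timestamped = dict(LEAKED_CERT, signing_time=datetime(2022, 3, 1, tzinfo=timezone.utc))
    legit_old = dict(LEAKED_CERT, signing_time=datetime(2013, 1, 15, tzinfo=timezone.utc))
    fresh = {
        "subject": "Example Vendor Inc.",
        "serial": "ffee01",
        "not_before": datetime(2021, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "signing_time": datetime(2022, 2, 1, tzinfo=timezone.utc),
    }
    return {
        "abused_no_timestamp": evaluate_signature(abused, set(), NOW)[0],
        "abused_timestamped": evaluate_signature(timestamped, set(), NOW)[0],
        "legit_old_driver": evaluate_signature(legit_old, set(), NOW)[0],
        "legit_old_after_denylist": evaluate_signature(legit_old, {"0a1b2c3d4e5f"}, NOW)[0],
        "fresh": evaluate_signature(fresh, set(), NOW)[0],
    }


if __name__ == "__main__":
    for case, verdict in sample_verdicts().items():
        print(f"{case:28s} {verdict}")
```

The "review" verdict is the interesting one: a genuinely old driver signed inside the certificate's lifetime is exactly what Windows is being lenient for, so it should not be blocked blindly, while the same certificate appearing on a 2022 signature, or on the organisation's denylist after a leak, is refused regardless of what the operating system would accept.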

Lapsus$ also began publishing Nvidia employee credentials and other internal information as downloadable files on the internet. Nvidia discovered the breach on February 23, 2022, and the incident disrupted the company's business.

Lapsus$ claimed to have stolen about one terabyte of data, including sensitive information on GPU designs, the source code of Nvidia's DLSS AI upscaling system, and the usernames and hashed passwords of more than 71,000 employee accounts.

Nvidia notified law enforcement and is working with cyber-security experts to deal with the Lapsus$ attack. (Arul, 2022)

2. SECTION 1

The breach exposed a large volume of NVIDIA data, including part of the source code of NVIDIA's drivers. The leak includes the source code for features such as DLSS and the parts of the code that implement LHR (Lite Hash Rate), the mechanism NVIDIA added to certain cards to deter cryptocurrency miners from buying up graphics cards and worsening the ongoing GPU shortage. The leak was of particular interest to the Linux community, since NVIDIA's proprietary Linux drivers are considered subpar and the open-source Nouveau driver, developed by reverse engineering, is less performant. While some hoped the leak would improve the open-source driver, a fully open-source NVIDIA driver is unlikely to be built from it because of the legal complexities and the difficulty of writing device drivers. There is, however, a possibility that the incident pressures NVIDIA into open-sourcing its drivers. (Tidy, 2022)

The hackers demanded that NVIDIA open-source its drivers as part of the ransom and also demanded a payment of $1 million. Lapsus$ claimed that NVIDIA retaliated by hacking back and encrypting the stolen data, but said that it still held the data and had released only 18 gigabytes of a claimed one terabyte. Reports indicate that NVIDIA did not comply with the demands, and the group shifted its attention to a subsequent Samsung breach; as time passed it became less likely that NVIDIA would meet the demands. (bbc, 2022)

Commentators have argued that the leaked source code is unlikely to benefit open-source video driver projects because of copyright and intellectual-property law. Developers who used it would face legal consequences, websites and social-media posts about such a project would likely be taken down, and NVIDIA, with its powerful legal and counter-cyber-attack departments, could sue the developers of any open-source driver built on it. For the same reason the leak is unlikely to help competitors such as AMD, which NVIDIA could bankrupt with lawsuits. An alternative driver for cryptocurrency mining may nevertheless emerge because of the financial incentives: crypto mining operates underground in some countries, drivers written for miners could be profitable, and payment for the leaked code could be made in cryptocurrency, which is difficult to trace. Finally, the leaked NVIDIA driver-signing certificate for Windows could let hackers and malware developers create rootkits that antivirus software finds harder to combat. (Acronis, 2022)

Hackers can pose as a trusted vendor, making their malicious code appear to be legitimately signed NVIDIA driver code. This is particularly concerning because driver code runs at a low level in the operating system, giving malware extensive control over a user's system. Windows users were advised to be cautious when downloading suspicious software claiming to be signed by NVIDIA, since the signature no longer proves that it is legitimate. (Reiff, 2022)

3. SECTION 2

This section describes the national and international governing bodies for cyber security, so that a company can apply their rules in its own security context against APTs and other cyber-attacks.

3.2 Governing bodies in the United States of America

Nvidia is an American company and is therefore subject to the American governing bodies. These include the Federal Bureau of Investigation (FBI), which investigates terrorism, cyber-crime, counter-intelligence, civil rights, public corruption, weapons of mass destruction, organised crime, violent crime and white-collar crime. (FBI, 2023)

Of all these areas, cyber-attacks are the focus for a cyber-security learner. The FBI is the lead federal agency for investigating cyber-attacks and intrusions. It collects and shares intelligence and engages with victims while working to unmask those committing malicious cyber activities.

The FBI works by developing innovative investigative techniques and using cutting-edge analytic tools, and it continues to adapt to the challenges posed by the evolving cyber threat.

It also publishes cyber safety tips, which shows that the government is concerned for its citizens. They are:

- Keep systems and software up to date and install a strong, reputable anti-virus program.
- Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, on a public network.
- Create a strong and unique passphrase for each online account and change those passphrases regularly.
- Set up multi-factor authentication on all accounts that allow it.
- Examine the email address in all correspondence and scrutinise website URLs before responding to a message or visiting a site.
- Don't click on anything in unsolicited emails or text messages.
- Be cautious about the information you share in online profiles and social media accounts. Sharing things like pet names, schools and family members can give scammers the hints they need to guess your passwords or the answers to your account security questions.
- Don't send payments to unknown people or organisations that are seeking monetary support and urge immediate action.

(FBI, 2023)

In legal terms, the Computer Fraud and Abuse Act (CFAA) is the leading federal anti-hacking legislation; it prohibits unauthorised access to another's computer system.

Although the law was originally meant to protect the computer systems of U.S. government entities and financial institutions, amendments have expanded its scope to practically any computer in the country, including servers, desktops, laptops, cell phones and tablets.

Criminal penalties under the CFAA:

The table below gives selected examples of CFAA offences and their maximum prison sentences.

Offense                                          | First conviction  | Second conviction
-------------------------------------------------|-------------------|------------------
Obtaining national security information          | Up to 10 years    | Up to 20 years
Accessing a computer to defraud and obtain value | Up to five years  | Up to 10 years
Accessing a computer and obtaining information   | Up to one year    | Up to 10 years
Intentionally damaging by knowing transmission   | Up to 10 years    | Up to 20 years
Extortion involving computers                    | Up to five years  | Up to 10 years
Trafficking in passwords                         | Up to one year    | Up to 10 years

(FindLaw, 2022) (NACDL, 2023)

The FBI's Internet Crime Complaint Center publishes yearly figures for cyber-crime complaints and losses; the chart of those figures referred to here is not reproduced in this text. (Kovacs, 2022)

3.3 Governing bodies of Nepal

In Nepal, the Electronic Transactions Act, 2063 (2008) (ETA) provides the legal basis for punishing cyber-crime. Sections 44, 45, 46, 47, 48, 52, 53 and 55 of the ETA set out the offences and penalties. Obtaining unauthorised access to a company's information is punishable under the ETA by a fine not exceeding ten thousand rupees, imprisonment not exceeding two years, or both.

If the members of Lapsus$ had committed their acts in Nepal, these are the punishments they would face:

- Section 44: intentionally destroying or altering computer source code is punishable by imprisonment not exceeding three years, a fine of up to two lakh rupees, or both.
- Section 55: offences committed from outside Nepal may still be prosecuted under the Act; a case can be filed against the offenders and they can be punished accordingly.
- Section 52: anyone found to have committed computer fraud must return all financial gains and is liable to a fine not exceeding one lakh rupees, imprisonment of up to two years, or both.

(ETA, 2008)

4. SECTION 3

In this section I, in the role of chief information security officer (CISO), give suggestions and security measures intended to prevent an attack such as the Lapsus$ attack on Nvidia. (Namuduri & Varanasi, 2011)

The chief information security officer, or CISO, is the senior executive in charge of an organisation's information, cyber and technology security. The CISO is responsible for creating, implementing and enforcing security policies to safeguard vital data. (Cisco, 2023)

4.1 Duties as a CISO

1. Designing and implementing secure systems to prevent, detect, mitigate and recover from cyber-attacks.
2. Explaining and managing network and technology risk together with the CEO and business managers.
3. Creating and implementing a cyber-security strategy and framework to secure the business's networks and technology.
4. Continuously reviewing and managing the business's network and technology risk.
5. Applying cyber governance, risk and compliance processes.
6. Reporting to the senior levels of the business.
7. Creating, reviewing and justifying cyber-security investments.
8. Running ongoing cyber-security awareness training for employees.
9. Implementing disaster recovery and business continuity plans.

4.2 Security lessons from Lapsus$

a. Exploiting Trusted Third Parties

Supply-chain attacks of all kinds are becoming more widespread as attackers look for ways around strong corporate security postures. When companies re-evaluate their trusted relationships with third parties, they must consider not only systems and technologies but also the human risk component.

The Lapsus$ group deliberately targeted lower-level individuals at the business partners of large companies. It appears to have specifically targeted customer-support call centres and help desks as the stage for its social-engineering attacks. Such vendors, even if they are not at the top of a corporation's threat-monitoring programme, are well placed to provide a foothold in the target firm. This appears to be what happened in the Okta incident, where Lapsus$ reached Okta's systems through a compromised employee account at a customer-service provider.

Granting business partners permissive sharing rights is a significant mistake that should be avoided. (Campfield, 2022)

b. Recruiting Insiders

Lapsus$ actively solicited business insiders (including employees and contractors) to hand over credentials and MFA codes and to install remote-management tools such as AnyDesk. Microsoft confirmed that the group's recruitment efforts were successful. Insider recruitment is a growing concern for enterprises, and a number of criminal organisations, including ransomware groups such as LockBit 2.0 and DemonWare, actively use this strategy. According to one recent survey, 65% of businesses have had staff targeted for illegal recruitment.

Malicious insiders pose a significant security problem, but businesses can mitigate the risk by tightening employee access controls and monitoring. Companies should be able to detect anomalous network activity, such as massive file transfers or downloads, and should watch for red flags in online interactions, not only in email but also on social media and messaging apps. (Campfield, 2022)

c. Gaining Access to Messaging Platforms

Credential theft has long been an issue for businesses, but the risk has traditionally centred on email and sensitive access mechanisms such as Remote Desktop Protocol (RDP). As groups such as Lapsus$ have demonstrated, attackers can take a more roundabout route, compromising peripheral accounts such as messaging platforms and personal email and working inward from there.
A hacker who gains access to a company's Slack workspace can not only search older files and information posted there but is also ideally placed to carry out social-engineering attacks, specifically conversation hijacking. Slack and other messaging services frequently lack the ability to detect malicious attachments and links. (Campfield, 2022)

d. Pass-the-Cookie Attacks

Groups such as Lapsus$ also use stolen session cookies to gain unauthorised access to email, messaging clients and other accounts.

Pass-the-cookie attacks pose an extra problem for businesses because they undermine the most fundamental safeguard for user accounts and remote workers: multi-factor authentication. Once a user has completed MFA, the session cookie is all the server needs to accept later requests, so a copied cookie is accepted without any further challenge. Stolen session cookies are common in dark-web marketplaces and are frequently sold cheaply. A stolen cookie enabled the 2021 attack on Electronic Arts (which may have involved a Lapsus$ member), in which the attackers gained access to the company's Slack workspace and then used social engineering to steal 780 GB of data. (Campfield, 2022)
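Because the server cannot tell a copied cookie from the original, detection has to come from the context around the cookie. The following Python is an added example for this report, not code from the original page or from any vendor named in it: it scans web access logs for a session cookie whose client fingerprint changes mid-session, which is what a pasted-in cookie looks like from the server side. The log format (tab-separated timestamp, session cookie, user, source IP, user agent) and the sample lines are constructed.

```python
"""Spot a replayed session cookie in web access logs.

Added example for this report, not code from the original page or from any
vendor named in it.  The log format (tab-separated timestamp, session
cookie, user, source IP, user agent) and the sample lines are constructed.
"""
from typing import Iterable, Iterator

SAMPLE_LOG = """\
2022-02-20T09:00:01Z\tsid=a1f9\talice\t203.0.113.10\tMozilla/5.0 (Windows NT 10.0) Chrome/98
2022-02-20T09:05:12Z\tsid=a1f9\talice\t203.0.113.10\tMozilla/5.0 (Windows NT 10.0) Chrome/98
2022-02-20T09:07:40Z\tsid=a1f9\talice\t198.51.100.77\tMozilla/5.0 (X11; Linux x86_64) Firefox/97
2022-02-20T09:08:03Z\tsid=b7c2\tbob\t192.0.2.5\tMozilla/5.0 (iPhone) Safari/605
2022-02-20T09:30:00Z\tsid=b7c2\tbob\t192.0.2.88\tMozilla/5.0 (iPhone) Safari/605
"""


def parse_log(text: str) -> Iterator[dict]:
    """Yield one dict per non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, user, ip, ua = line.split("\t")
        yield {"ts": ts, "sid": sid, "user": user, "ip": ip, "ua": ua}


def find_cookie_replay(events: Iterable[dict]) -> list:
    """Return alerts for session cookies whose client changes mid-session.

    The first request seen for a cookie fixes its client fingerprint
    (source IP, user agent).  A later request carrying the same cookie from
    a different user agent is rated high: a browser does not change its UA
    string during a session, but a cookie pasted into the attacker's browser
    does.  A change of source IP alone is rated medium, because NAT and
    mobile networks legitimately move a user between addresses.
    """
    first_seen = {}
    alerts = []
    for ev in events:
        origin = first_seen.setdefault(ev["sid"], ev)
        if origin is ev:
            continue  # first sighting of this cookie: record, do not alert
        if ev["ua"] != origin["ua"]:
            alerts.append({"sid": ev["sid"], "user": ev["user"], "ts": ev["ts"],
                           "severity": "high",
                           "reason": f"user agent changed from {origin['ua']!r} to {ev['ua']!r}"})
        elif ev["ip"] != origin["ip"]:
            alerts.append({"sid": ev["sid"], "user": ev["user"], "ts": ev["ts"],
                           "severity": "medium",
                           "reason": f"source IP changed from {origin['ip']} to {ev['ip']}"})
    return alerts


if __name__ == "__main__":
    for alert in find_cookie_replay(parse_log(SAMPLE_LOG)):
        print(alert["severity"].upper(), alert["user"], alert["ts"], alert["reason"])
```

The response to a high alert is to revoke the session server-side and force a fresh MFA challenge, rather than to trust the cookie; the same comparison can be run inline by the application on every request, which turns this detection into a control.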

e. Privilege Escalation

Once Lapsus$ has gained access to a business asset, it hunts for ways to increase its privileges on the network. This usually involves two strategies. First, the group searches for unpatched vulnerabilities in internal systems and for secrets exposed on employee-accessible resources such as internal code repositories and messaging systems. The second strategy is social engineering: if the group has access to a messaging system or can reach the internal help desk, it tries to persuade them to reset the password of a more privileged account.
Although privilege escalation is often difficult to detect, particularly when the attackers use social engineering, businesses can look for suspicious logins, unexpected network traffic, aggressive or irregular requests on chat platforms, and malware activity. (Campfield, 2022) (Neuens, 2023)
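The first escalation path above, secrets lying in internal repositories, is the one a defender can remove before the attacker arrives. The following Python is an added example for this report, not code from the original page: a small secret scanner that combines fixed-shape patterns (cloud access keys, chat tokens, private-key headers) with an entropy test for generic `password = "..."` assignments, and skips obvious placeholders. The sample repository contents are constructed; the AWS key is the placeholder value Amazon uses in its own documentation and the other values are made up.

```python
"""Scan repository files for exposed secrets.

Added example for this report, not code from the original page.  The
sample files are constructed; the AWS key is the placeholder value Amazon
uses in its own documentation and the other values are made up.
"""
import math
import re
from collections import Counter

# Patterns with a fixed shape are matched directly.
SPECIFIC_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}
# Anything assigned to a password/secret/token-like name is a candidate;
# entropy and a placeholder list decide whether it is reported.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)\w*(password|passwd|secret|token)\w*\s*[:=]\s*["']([^"']{8,})["']"""
)
PLACEHOLDER_MARKERS = ("changeme", "example", "${", "<", "xxxx")
MIN_ENTROPY_BITS = 3.0


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random-looking secrets score above 3."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(line: str):
    """Return the kind of secret found on a line, or None."""
    for kind, pattern in SPECIFIC_PATTERNS.items():
        if pattern.search(line):
            return kind
    m = GENERIC_ASSIGNMENT.search(line)
    if m:
        value = m.group(2)
        if any(marker in value.lower() for marker in PLACEHOLDER_MARKERS):
            return None  # "changeme", templated values and the like
        if shannon_entropy(value) >= MIN_ENTROPY_BITS:
            return "hardcoded_credential"
    return None


def scan_files(files: dict) -> list:
    """files maps path -> content; returns (path, line_no, kind) findings."""
    findings = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            kind = scan_line(line)
            if kind:
                findings.append((path, line_no, kind))
    return findings


# Constructed repository contents.
SAMPLE_REPO = {
    "deploy/config.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'DB_PASSWORD = os.environ["DB_PASSWORD"]\n'
        'ADMIN_PASSWORD = "changeme_please"\n'
        'api_token = "Tr0ub4dor&3xYz!"\n'
    ),
    "ops/notify.sh": 'SLACK_TOKEN="xoxb-0000000000-FAKEFAKEFAKE"\n',
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA...\n",
    "README.md": 'Set password = "${DB_PASSWORD}" in the environment, never in git.\n',
}

if __name__ == "__main__":
    for path, line_no, kind in scan_files(SAMPLE_REPO):
        print(f"{path}:{line_no}: {kind}")
```

Run as a pre-commit hook or in CI, a scanner like this blocks the commit before the secret reaches a repository an attacker with a stolen employee account could read; anything it finds that is already committed has to be treated as leaked and rotated, since removing the line does not remove it from the history.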

4.3 Protective measures as CISO

As CISO I would apply cyber-security best practice, especially in vulnerability management, identity and access management, and security monitoring. The measures I would adopt to protect against Lapsus$ are:

- Require multi-factor authentication for all employees in the business environment, preferring phishing-resistant methods (FIDO2 security keys or number-matching authenticator apps) over SMS codes and plain push approval, since Lapsus$ defeated the latter with SIM swapping and MFA-prompt bombing.
- Ensure that every device, network and technology with access to the business environment is trusted, patched and running up-to-date security software before access is granted.
- Enforce least-privilege access for all administrator and employee accounts.
- Scan for and patch vulnerabilities across all the business's technology assets.
- Monitor and strengthen cloud security.
- Monitor identity and access logs for suspicious activity around the clock.
- Block medium- and high-risk sign-in attempts, as well as risky modifications and configuration changes.
- Encourage employees to report any suspicious or unusual contact claiming to come from the business.
- Encourage employees to report any suspicious activity from third-party applications.
- Route employees' internet connections through a VPN to the corporate firewall.
- Filter all internet traffic through a proxy.
- Apply conditional access requirements before employees are allowed to connect to the VPN.
- Baseline the business's normal internet traffic so that suspicious traffic stands out.

(Secon, 2022) (Microsoft, 2023) (Spitzner, 2023)
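Two of the measures above, monitoring identity logs for suspicious activity and blocking risky sign-ins, come together in the detection of MFA-prompt bombing, the technique Lapsus$ used to wear down users until one approved a push. The following Python is an added example for this report, not code from the original page or from any identity vendor: it runs over identity-provider events and raises a high alert when a user receives a burst of MFA challenges and a critical alert when an approval follows a run of denials. The event format (timestamp, user, event, source IP) and the sample events are constructed.

```python
"""Detect MFA-prompt bombing in identity-provider logs.

Added example for this report, not code from the original page or from
any identity vendor.  The event format (timestamp, user, event, source IP)
and the sample events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = """\
2022-02-22T02:00:00Z alice mfa_challenge_sent 198.51.100.9
2022-02-22T02:00:30Z alice mfa_denied 198.51.100.9
2022-02-22T02:01:00Z alice mfa_challenge_sent 198.51.100.9
2022-02-22T02:01:30Z alice mfa_denied 198.51.100.9
2022-02-22T02:02:00Z alice mfa_challenge_sent 198.51.100.9
2022-02-22T02:02:30Z alice mfa_denied 198.51.100.9
2022-02-22T02:03:00Z alice mfa_challenge_sent 198.51.100.9
2022-02-22T02:03:30Z alice mfa_denied 198.51.100.9
2022-02-22T02:04:00Z alice mfa_challenge_sent 198.51.100.9
2022-02-22T02:05:00Z alice mfa_approved 198.51.100.9
2022-02-22T08:15:00Z bob mfa_challenge_sent 203.0.113.44
2022-02-22T08:15:20Z bob mfa_approved 203.0.113.44
"""


def parse_events(text):
    """Parse the constructed space-separated event format into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = line.split()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "user": user, "event": event, "ip": ip})
    return events


def detect_mfa_fatigue(events, window=timedelta(minutes=10),
                       prompt_threshold=5, denial_threshold=3):
    """Return alerts for users whose MFA history looks like prompt bombing.

    high:     prompt_threshold or more challenges for one user inside `window`
              (raised once, when the threshold is crossed).
    critical: an approval that follows denial_threshold or more denials inside
              `window`: the fatigue pattern where a worn-down user finally
              taps 'approve' on a push the attacker triggered.
    """
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for ev in evs:
            recent = [e for e in evs if ev["ts"] - window <= e["ts"] <= ev["ts"]]
            prompts = sum(e["event"] == "mfa_challenge_sent" for e in recent)
            denials = sum(e["event"] == "mfa_denied" for e in recent)
            if ev["event"] == "mfa_challenge_sent" and prompts == prompt_threshold:
                alerts.append({"user": user, "ts": ev["ts"], "severity": "high",
                               "reason": f"{prompts} MFA prompts within {window}"})
            elif ev["event"] == "mfa_approved" and denials >= denial_threshold:
                alerts.append({"user": user, "ts": ev["ts"], "severity": "critical",
                               "reason": f"approval after {denials} denials within {window}"})
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(parse_events(SAMPLE_EVENTS)):
        print(alert["severity"].upper(), alert["user"], alert["ts"].isoformat(), alert["reason"])
```

The critical case is the one to wire into conditional access: the approval itself should be refused and the account's sessions revoked, because by that point the attacker already holds the password and only the push approval stands between them and the account. Number matching in the authenticator app removes the attack entirely, which is why it is preferred over plain push approval in the measures above.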

Conclusion

In conclusion, extortion groups such as Lapsus$ have a major impact on cyber security. Their attacks are marked by malicious intent, destructive outcomes and the exploitation of weaknesses in both technology and people. The aftermath of the Lapsus$ attack on Nvidia was damaging in terms of financial loss and also in terms of trust, data integrity and business continuity.
The rapidly increasing rate of such attacks must be met with stronger cyber-security measures. Businesses must implement proactive defences, regular updates, employee training and continuous monitoring to find and respond to potential threats, and must build a well-established information-sharing relationship with government and the cyber-security community, which is important for dealing with evolving threats.
On the human side, extortion attacks can be countered by emphasising ethics: the responsible use of technology and a culture in which people do not act offensively. Cyber security has to understand the offensive side as well as the defensive, ethical side.
As a cyber-security learner, I see the need for approachable and transparent communication and a commitment to continuous improvement based on the lessons learned. Studying attacks such as the Lapsus$ attack on Nvidia reveals the next defence mechanisms that cyber security must build.
Lastly, upgrading security infrastructure, adapting to evolving threats and adopting a policy of trust, transparency and security that takes the human factor into account are the ways to reduce the risk posed by extortion and ransomware attacks and to create a safer platform for everyone.

References

Acronis, 2022. Nvidia hit by Lapsus$ ransomware. [Online]
Available at: https://m.facebook.com/ingrammicroasia/videos/2nvidia-hit-by-lapsus-ransomware-acronis-cyber-protect/354021669972838/?_se_imp=1WQ8q9RHf2PHAUrWP
Arul, A., 2022. Lapsus$ hack leaves Nvidia in a tight spot. [Online]
Available at: https://analyticsindiamag.com/lapsus-hack-leaves-nvidia-in-a-tight-spot/
bbc, 2022. A closer look at the Lapsus$ data extortion group. [Online]
Available at: https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/
BlackBerry, 2022. Who is the Lapsus$ group? [Online]
Available at: https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/lapsus
Campfield, M., 2022. Five security lessons from the Lapsus$ attacks. [Online]
Available at: https://securityboulevard.com/2022/05/five-security-lessons-from-the-lapsus-attacks/
Cisco, 2023. What is a CISO? [Online]
Available at: https://www.cisco.com/c/en/us/products/security/what-is-ciso.html
ETA, 2008. The Electronic Transactions Act. [Online]
Available at: http://www.tepc.gov.np/uploads/files/12the-electronic-transaction-act55.pdf
FBI, 2023. The cyber threat. [Online]
Available at: https://www.fbi.gov/investigate/cyber
FBI, 2023. What we investigate. [Online]
Available at: https://www.fbi.gov/investigate
FindLaw, 2022. Hacking laws and punishments. [Online]
Available at: https://www.findlaw.com/criminal/criminal-charges/hacking-laws-and-punishments.html
Forbes, 2023. Teenagers leveraging insider threats: Lapsus$ hacker group. [Online]
Available at: https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group/?sh=6ab653924e43
Ilascu, I., 2022. Lapsus$ suspects arrested for Microsoft, Nvidia, Okta hacks. [Online]
Available at: https://www.bleepingcomputer.com/news/security/lapsus-suspects-arrested-for-microsoft-nvidia-okta-hacks/
Namuduri, K. & Varanasi, M., 2011. The chief security officer problem. Baltimore, USA: ieeexplore.ieee.org.
Kovacs, E., 2022. Cybercrime losses exceeded $10 billion in 2022: FBI. [Online]
Available at: https://www.securityweek.com/cybercrime-losses-exceeded-10-billion-in-2022-fbi/
Microsoft, 2023. 6 ways to protect your organization against Lapsus$ (Dark Reading). [Online]
Available at: https://www.darkreading.com/microsoft/6-ways-to-protect-your-organization-against-lapsus-
NACDL, 2023. Computer Fraud and Abuse Act (CFAA). [Online]
Available at: https://www.nacdl.org/Landing/ComputerFraudandAbuseAct
Neuens, E., 2023. What is zero trust architecture? [Online]
Available at: https://www.sans.org/blog/what-is-zero-trust-architecture/
Nvidia, 2023. About us. [Online]
Available at: https://www.nvidia.com/en-us/about-nvidia/corporate-timeline/
Reiff, N., 2022. Nvidia suffers leak of company, employee information in cyberattack. [Online]
Available at: https://www.investopedia.com/nvidia-announces-cyber-attack-leak-of-company-information-5220786
Secon, 2022. What do I need to do about Lapsus$? [Online]
Available at: https://seconcyber.com/what-do-i-need-to-do-about-lapsus/
Shengjie Xu, Yi Qian, Rose Qingyang Hu, 2023. Cyber threats and gateway defense. [Online]
Available at: https://ieeexplore.ieee.org/document/9943580
Spitzner, L., 2023. Everything you need to know about password best practices for your organization. [Online].
Tidy, J., 2022. Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal. [Online]
Available at: https://www.bbc.com/news/technology-60864283

Appendices

1. Timeline: on 23 February 2022, Lapsus$ claimed on its official Telegram channel to have breached Nvidia's systems. It claimed to have stolen a terabyte of data and threatened to leak details of an unreleased Nvidia GPU (RTX 3090 Ti). Later it also claimed to hold the personal data and passwords of 71,000 employees. Their Telegram: https://telegram.im/@minsaudebr?lang=en

2. Regulatory and legal consideration: the FBI develops innovative investigative techniques, uses cutting-edge analytic tools and forges new partnerships in communities, and continues to adapt to the new challenges posed by the evolving cyber threat. An American citizen can file a complaint at: https://www.ic3.gov/

3. Preventive measures: the FBI also publishes cyber safety tips for preventing cyber-attacks, available at: https://www.fbi.gov/investigate/cyber

4. Technical details: technically, Lapsus$ succeeded through MFA fatigue (prompt bombing), SIM swapping and social engineering.

5. References and sources: a full list of sources, articles and books found with the help of teachers, mainly online websites.
