Nvidia is thinking about beginning production of crypto-mining specific Ampere graphics cards that come without display outputs, but first, it needs to find out whether there’s enough mining demand for the latest graphics processors. 

“If crypto demand begins or if we see a meaningful amount, we can also use that opportunity to restart the CMP [mining-specific GPUs] product line to address ongoing mining demand,” said Colette Kress, chief financial officer at Nvidia, at the 19th Annual J.P. Morgan Tech/Auto Forum Conference.

Demand for gaming graphics cards, high-performance processors, and game consoles has exceeded supply for months as people spend more time at home and entertain themselves playing the latest game titles. Cryptocurrency valuations have skyrocketed recently, reactivating miners who rushed to get graphics cards, further increasing demand for GPUs. Nvidia has had a hard time understanding how demand from cryptominers affects its current sales, but it is mulling restarting the production of mining-specific graphics cards. 

“We don’t have visibility on how much of the GeForce RTX 30-series end demand comes from mining,” said Kress. “So, we don’t believe it’s a big part of our business today. Gaming demand is very strong, and we think that’s larger than our current supply.” 

It doesn’t always make a lot of sense to mine Bitcoins using Nvidia’s latest GPUs, which tend to be pretty expensive. There are special accelerators designed for Bitcoin mining, and those ASICs tend to be considerably more efficient than graphics processors. In contrast, GPUs are used to mine Ethereum, which has been gaining price in recent weeks, just like Bitcoin. 

Since demand for Nvidia’s products has generally been high in recent months, it isn’t easy for Nvidia to understand how significantly cryptominers affect this demand, especially keeping in mind the fact that select makers of graphics boards have mined cryptocurrency at their own facilities before releasing these cards to the market.  

It is beneficial for Nvidia to clearly understand how many of its GPUs are needed by cryptominers. Since miners only need compute capabilities of a GPU, they do not need display outputs, and they do not care if the GPU they use comes with disabled texture mapping units or lacks video processing capabilities. As a result, Nvidia can sell them graphics processors that would otherwise go to waste. Those come in the form of the aforementioned CMP GPUs. 

But before making such chips available to add-in-board (AIB) manufacturers, GPU designers need to figure out the total available market that they are trying to address so they don’t bin chips that aren’t needed. Before that happens, GPU developers may just enjoy additional demand for their products.  

Joe Biden, Elon Musk, Jeff Bezos and other high-profile Twitter account holders were the targets of a widespread hack to offer fake bitcoin deals on Wednesday in one of the most pronounced security breaches on a social media site. Accounts for former US president Barack Obama, Microsoft co-founder Bill Gates, musician Kanye West and both Uber and Apple also posted similar tweets, all instructing people to send cryptocurrency to the same bitcoin address. The tweets were removed throughout the afternoon, shortly after being posted.

“The hackers ask users to send anywhere between 0.1 BTC to 20 BTC to a designated Bitcoin address and that they’ll double victims’ money,” explained Satnam Narang, Staff Research Engineer, Tenable. “This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals. What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater.”

Narang further added that this is a fast moving target and so far over $50,000 has been received by the Bitcoin address featured on the CryptoForHealth website and in Elon and Bill Gates’ tweets. “We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam,” Narang said.

There have been hacks of high-profile individual accounts on Twitter before, including Twitter chief executive Jack Dorsey last year. But the widespread nature of this attack suggested an unusually broad access to internal controls. While it was unclear how the attacks originated or why they went on for hours, some cybersecurity experts speculated that someone may have gained access to internal Twitter controls that allowed them to take over and post on the accounts.

“While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin,” said Loïc Guézo, Senior Director of Cybersecurity Strategy, EMEA at Proofpoint. “People are still a main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money. To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response. Threat actors understand human nature and are unrelentingly focused on taking advantage of our society’s trust in digital channels.”

The attack also partially shut down the network. Twitter said in a tweet that some users weren’t able to tweet while it was addressing the incident. Users with the check mark indicating that their accounts were verified by Twitter reported that they weren’t able to tweet. Twitter started letting verified accounts tweet again yesterday night but warned the “functionality may come and go” as it worked on a fix to the breach. Later the same night, Dorsey tweeted that the company was “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” He called it a “tough day” at Twitter.

“Until we know exactly how these scam tweets were sent, it’s difficult to suggest what actions you might take, particularly given that access to services such as password changes (and presumably also changing details such as two-factor authnetication numbers) is being restricted,” explained Paul Ducklin, principal research scientist, Sophos. “However, these scammers will only succeed if people fall for their unlikely messages – which rely on people suspending their disbelief simply because the tweet comes from a celebrity or someone they are inclined to trust.”

Twitter said in a later tweet that it “detected a coordinated attack by people who successfully targeted some of our employees with access to internal systems and tools.” The hackers used that access to take over the accounts. The breach will create major optics challenges for Twitter, and it will make it more challenging moving forward to verify the authenticity of messages on the service, cybersecurity experts warned. That could have wide-reaching implications for politicians, celebrities and brands that use Twitter as an essential channel for communication.

Some of the people who were hacked indicated that they had turned on two-factor authentication and were using strong passwords, which typically makes unauthorized account access much more difficult. Meanwhile, Uber’s corporate account posted a tweet that read, “Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled.”

Uber confirmed in a tweet that its account had been hacked. “Like many others, our @Uber account was hit by a scammer today. The tweet has been deleted and we’re working directly with @Twitter to figure out what happened,” the company’s communication team tweeted. Then came a tweet from Amazon CEO and Washington Post owner Bezos’s account. “I have decided to give back to my community.” The tweet said it would be limited to $50 million.

Twitter said in tweets Wednesday night that it had “locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.” Meanwhile, the company is internally limiting access to tools while it investigates what happened.

ESET researchers have recently discovered a previously undocumented botnet named VictoryGate. It has been active since at least May 2019, and is composed mainly of devices in Peru, where over 90% of the infected devices are located. The main activity of the botnet is mining Monero cryptocurrency. The victims include organizations in both public and private sectors, including financial institutions. Thanks to data obtained during this research and shared with the nonprofit Shadowserver Foundation, at least a portion of the botnet operation has been disrupted.

ESET researchers have been “sinkholing” several domain names that control the botnet’s actions, replacing them with machines that do not send the botnet’s slave computers the commands they expect, but simply monitor botnet activity. Based on this data and ESET telemetry, ESET estimates that at least 35,000 devices became infected with VictoryGate at one point or another during this campaign.

The only infection vector used for spreading VictoryGate is via removable devices. “The victim receives a USB drive that at some point was connected to an infected machine. It seemingly has all the files with the same names and icons that it contained before being infected. Because of this, the content will look almost identical at first glance. However, all the original files were replaced by a copy of the malware,” says ESET researcher Alan Warburton, who investigated the botnet. “When an unsuspecting user attempts to open one of these files, the script will open both the file that was intended and the malicious payload.”

Warburton also warns about the impact on victims’ machines: “There is very high resource usage by the botnet, resulting in a constant 90% to 99% CPU load. This slows down the device and can cause overheating and possible damage.”

According to ESET research, VictoryGate has made a much greater effort to avoid detection than in previous, similar campaigns observed in the Latam region. And, given the fact that the botmaster can update functionality of the payloads that are downloaded and executed on the infected devices from cryptomining to any other malicious activities at any given time, this poses a considerable risk. This is particularly true since many of the victims identified were in either the public sector or in financial institutions.