Gds

The Gather Data Sampling (GDS) vulnerability, a flaw in software design or implementation that allowed users to exfiltrate AES 128-bit and 256-bit cryptographic keys on a separate virtual machine (VM), has significantly impacted the cybersecurity landscape. This vulnerability was combined with the Load Value Injection (LVI) technique, revealed in 2020, to form the Gather Value Injection (GVI) method. A series of cyberattacks exploiting this vulnerability were carried out between September 2021 and January 2023, targeting GDS Holdings and ST Telemedia Global Data Centers (STT GDC). These attacks negatively impacted major customers, including Amazon and Walmart, by compromising login credentials for customer-support websites. In response to these attacks, GDS and STT GDC changed customer passwords in late January. However, shortly after, Resecurity, a cybersecurity research firm, identified hackers offering the stolen databases for sale on a dark web forum. The hackers provided screenshots showing them accessing accounts for five companies via the GDS and STT GDC online portals. Resecurity alerted GDS, STT GDC, and a small number of its own clients about the breach. Approximately 2,000 customers of GDS and STT GDC were affected by these security incidents. Mitigation measures have been implemented to partially protect against GDS and GVI attacks, although these are not without drawbacks. Disabling simultaneous multithreading (SMT), for example, can partially mitigate these attacks but comes with a 30% loss in performance, and leaks across context switching still occur. Despite these challenges, the importance of addressing such vulnerabilities is underscored by the global reliance on large-scale genomic datasets, such as those accessed through the NIH GDS program, which hold transformative potential for scientific discovery and healthcare advancements.