Young British hackers broke into dozens of organizations around the world. How did they manage it?

The US cybersecurity watchdog has published a report on the activities of the Lapsus$ group.

The US Department of Homeland Security published a report yesterday analyzing the attacks of the hacker group Lapsus$. The attackers broke into dozens of organizations with strong security using fairly simple methods such as SIM swapping.

The Lapsus$ investigation began in December 2021, when the group published confidential data of companies allegedly hacked by them, including Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft and Globant.

Lapsus$ is described as a poorly organized group of teenagers from the UK and Brazil. They operated in 2021-2022 for fame, money, or entertainment, using simple but sometimes creative hacking techniques.

The main Lapsus$ method was SIM swapping. The attackers transferred the victim's number to their own SIM card, using social engineering or the help of an insider at the telecom operator. In some cases, they compromised the account of one of the provider's employees directly in order to perform the SIM swap themselves.

To obtain confidential information about a victim (name, phone number, service information about the client's network), members of the group sometimes even resorted to fraudulent emergency disclosure requests, pretending to be law enforcement officers.

Once the attackers controlled a victim's phone number, they intercepted the SMS messages carrying the two-factor authentication codes needed to access corporate systems and data, and so got into the networks of target companies.

According to the report, the group also paid up to $20,000 a week to access the carrier's illegal SIM interception platform, so it's safe to say that hackers have plenty of money. Although there are no public cases of extortion by Lapsus$, some companies allegedly transferred a cash ransom to cyber hooligans.

Despite the group's high success rate, it often failed where companies used multi-factor authentication (MFA) via push notifications to employees' smartphones in conjunction with intrusion detection systems (IDS). Where response procedures were in place, the damage was significantly reduced.

Lapsus$'s activities have been quiet since September 2022, likely due to law enforcement investigations that led to the arrests of several members of the group. Nevertheless, hackers have already made history as the youngest and most reckless intruders.

Cybersecurity experts recommend that companies switch to passwordless authentication, abandon SMS codes, and increase cooperation with law enforcement agencies in order to reduce their exposure to the methods that Lapsus$ actively used.
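
To act on the recommendation to abandon SMS codes, a defender first needs to know which accounts still depend on the phone number. The script below is an added example, not part of the original post or the report: it audits a constructed MFA enrollment export and flags accounts whose second factor can be taken over with a SIM swap. The export format, field names and factor labels are assumptions; map them to whatever your identity provider actually exports.

```python
import json

# Constructed sample data: a hypothetical MFA enrollment export.
SAMPLE_EXPORT = """[
  {"user": "alice", "privileged": true,  "factors": ["password", "sms"]},
  {"user": "bob",   "privileged": false, "factors": ["password", "push", "sms"]},
  {"user": "carol", "privileged": true,  "factors": ["webauthn"]},
  {"user": "dave",  "privileged": false, "factors": ["password"]},
  {"user": "erin",  "privileged": true,  "factors": ["password", "totp", "voice"]}
]"""

# Factors delivered to the phone number: whoever holds the SIM receives them.
PHONE_NUMBER_FACTORS = {"sms", "voice"}
# Everything counted as a second factor (labels are assumptions).
SECOND_FACTORS = PHONE_NUMBER_FACTORS | {"totp", "push", "webauthn"}
SEVERITY = {"no-mfa": 0, "phone-only": 1, "phone-fallback": 2}


def classify(account):
    """Return the SIM-swap exposure of one account."""
    second = set(account["factors"]) & SECOND_FACTORS
    if not second:
        return "no-mfa"
    if second <= PHONE_NUMBER_FACTORS:
        return "phone-only"      # the phone number is the only second factor
    if second & PHONE_NUMBER_FACTORS:
        return "phone-fallback"  # stronger factor enrolled, SMS/voice still accepted
    return "ok"


def audit(export_json):
    """List (user, finding, privileged), privileged accounts first."""
    findings = []
    for account in json.loads(export_json):
        status = classify(account)
        if status != "ok":
            findings.append((account["user"], status, account["privileged"]))
    findings.sort(key=lambda f: (not f[2], SEVERITY[f[1]], f[0]))
    return findings


if __name__ == "__main__":
    for user, status, privileged in audit(SAMPLE_EXPORT):
        role = "privileged" if privileged else "standard"
        print(f"{user:8} {role:10} {status}")
```

The "phone-fallback" finding matters as much as "phone-only": an account with a stronger factor enrolled is still exposed if the login or recovery flow accepts an SMS or voice code as an alternative.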