Saturday, December 03, 2022

Understanding Teen Hackers: DHS to Examine Attacks from LAPSUS$ Gang

The Department of Homeland Security's Cyber Safety Review Board is going to review the hacking techniques from LAPSUS$ to help organizations protect themselves from similar threats.
Dec 02, 2022



To bolster the country’s cybersecurity, the Department of Homeland Security is going to examine the hacking techniques from the cybercriminal gang LAPSUS$ to find ways companies can protect themselves from similar threats.

The review means US officials will be scrutinizing a suspected group of teenage hackers. Even so, LAPSUS$ was able to breach numerous high-profile companies earlier this year including Nvidia, Microsoft, Samsung and most recently Uber and possibly Rockstar Games.

DHS is kicking off the probe through its Cyber Safety Review Board, which was launched in Feb. The board’s goal has been to “thoroughly assess past events, ask the hard questions, and drive improvements across the private and public sectors.”

The board’s first project was to examine last year’s pervasive Apache Log4j 2 vulnerability, which state-sponsored hackers were quick to exploit. The review resulted in 19 recommendations for the government and the industry to take, which included greater investment in open source software security.

The Cyber Safety Review Board selected LAPSUS$ as its next project, saying the group managed to “bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas.”

In addition, the LAPSUS$ gang often resorted to cyber extortion. For example, when the group hacked Nvidia, its members began trying to sell the company's stolen information unless Nvidia paid up in cryptocurrency. Numerous ransomware gangs have been using the same tactic over the years to pressure victims into surrendering to their demands.

The other reason DHS is conducting the review might be because law enforcement has already apprehended two suspected members of the group, one in Brazil and one in the UK. Since the arrests, the gang's activity has also been quiet.

Hence, US investigators may already have greater insight into the gang's tactics and motives. The Cyber Safety Review Board said it plans on developing “actionable recommendations” companies can take to protect themselves from similar attacks.

Jen Easterly, director for the US’s Cybersecurity and Infrastructure Security Agency, noted the LAPSUS$ gang has also infiltrated IT systems at healthcare and government organizations. “The range of victims and diversity of tactics used demand that we understand how LAPSUS$ actors executed their malicious cyber activities so we can mitigate risk to potential future victims,” she said in a statement.

No comments: