After the ride-hailing service Uber, Rockstar Games has now also fallen victim to a hacker attack. Like the Uber attack, this attack can also be assigned to the Lapsus$ ransomware group. Sophos specialists comment on the new attack.
The video game manufacturer Rockstar Games recently confirmed a cyber attack in which, among other things, 3 GB of video material from the upcoming blockbuster game "Grand Theft Auto VI" was stolen. While further details have yet to be awaited, the attacker claims to represent the same group that breached Uber's internal systems late last week; meanwhile, Uber attributes the attack to the cybercriminal group LAPSUS$.
Same attack - different attack paths
In the case of Uber, the first breach occurred after the attackers bought a contractor's company password on the dark web. By bypassing the contractor's multi-factor authentication (a growing problem, Sophos recently reported), the attacker was then able to gain access to employees' internal communication channels, such as Slack. Little is known about the Rockstar Games attack strategy, but the attacker also claims that Slack served as a backdoor.
Chester Wisniewski, Principal Research Scientist at Sophos, comments on the attacks: “The attacks on Uber and Rockstar Games feel like we are reliving the Lapsus$ attacks of late 2021 and early 2022. And indeed Uber just blamed the Lapsus$ group for the breach.
Social Engineering Attacks
While the 2021 cyberattack on interactive entertainment giant Electronic Arts began with criminals using stolen cookies to infiltrate its Slack channel in July 2021, the Uber breach appears to have started with another method of bypassing the multinational -Factor authentication using social engineering was used to gain access to Slack. Once again, the saying goes that the chain of security is only as strong as its weakest link – and all too often that is the people.
It is unclear at this point what made the initial compromise at Rockstar Games possible. But a group claiming to be the same hacker as Uber posted in-game footage of "GTA VI" and claimed the attack started with a social engineering attack similar to the attack on Uber. This is not surprising as it is an incredibly effective early compromise technique and exploits trust in privileged insiders.
The much too fast way to the insider
Safety is a system, and it needs redundancy no differently than an airplane or a spaceship. Accordingly, it must be designed to be fault-tolerant. In all of these cases, it seems to have been enough to gain access as a trustworthy insider in order to then meander through various systems with criminal intentions. Networks must be designed to verify an individual's identity and credentials when accessing a new or privileged realm.
While full details of the attacks are not yet known, they already serve as a good reminder to keep employees informed about the security culture and once again demonstrate the importance of implementing additional authentication for users in sensitive areas. Social engineering can bypass certain multi-factor authentication solutions, so it's definitely worth implementing stricter policies for access to critical systems.”
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.