LAPSUS$ gang caught? The attacks continue nonetheless. Corporate workers should be better educated about attacks using social engineering techniques and be an active part of the defense together with MTR services.
The notorious LAPSUS$ gang is (or was) attracting a lot of attention with its cybercriminal activities – not only because it has been linked to attacks on Microsoft, Samsung, Okta, Nvidia and others through its extraordinary social engineering techniques and extortion, but also because it still seems to be highly active. And this despite the fact that some of the alleged masterminds have already been arrested. That raises questions.
Perfidious tactics and arrogance
The LAPSUS$ group has taken social engineering in cybercrime to a new level. It goes far beyond the usual methods of flattering or taking advantage of victims. The group also appears to be using direct bribery, offering to pay company insiders for remote access. Not even one person within the targeted company is needed for this: a technical or human vulnerability in the supply chain is enough to penetrate the target company. This is what is believed to have happened, for example, with the attack on Okta, a provider of two-factor authentication systems.
According to Microsoft, the data theft could only be interrupted midway because the LAPSUS$ gangsters arrogantly and openly boasted about their ongoing coup on Telegram.
Arrests in UK - but it goes on
A little over a week ago, London police reported that several suspects had been taken into custody. These were seven people between the ages of 16 and 21, who were then initially released. The media quickly linked the arrests to LAPSUS$. Meanwhile, LAPSUS$-related activities continued: about 70 GB of data stolen from the software development company Globant was leaked to the public.
The big mystery about the LAPSUS$ gangsters
The mystery surrounding the LAPSUS$ gangsters recently reached new heights when London police said two suspects, aged 16 and 17 - believed to be two of the seven previously arrested - were due to appear in court. Charges have been brought against the two, according to London police.
What to do?
In a follow-up report, the BBC insists the suspects have been charged with "hacking into a major cybercrime gang", specifically stating in its headline that this gang is in fact LAPSUS$. However, it is unlikely that reliable details will be known before a court decision.
The most important thing, meanwhile, is that companies be prepared for the LAPSUS$ attacks aimed at gaining remote access to systems by tricking, persuading or bribing company employees into granting it. If companies don't already have a quick and easy way for their employees to report security anomalies to internal security experts, now is the time to set one up.
In any case, there are two important points to note:
- If an employee encounters an unusual link, an unexpected attachment, a password request, or a dubious-sounding offer, they should report it to the company immediately. Each report should be treated seriously, because even if it is a false alarm, it is important to keep the users in the company motivated to protect it. Better to handle one report too many than to miss the one that matters.
- Additionally, a Managed Threat Response (MTR) service that takes care of the details of cybersecurity, especially when internal resources are limited, can be of great help.
About Sophos
More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.