Despite using methods that are "bold, illogical, and poorly thought out, Lapsus$ has successfully breached companies like Microsoft, Vodafone and Nvidia. Credit: Cosmin4000 / Getty Images [Editor’s note: This article originally appeared on the CSO Germany website on July 29.] Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out. The criminals attacked renowned companies such as Microsoft, Samsung, Nvidia, Vodafone, Ubisoft and Okta. They stole data and sometimes used ransomware to extort their victims. How Lapsus$ became famous In contrast to other cybercriminal gangs, Lapsus$ organizes itself exclusively through a private Telegram group and does not operate a leak site on the dark web. As Tills wrote, the group has so far announced its next victims via Telegram. She also noted that Lapsus$ asked the community for suggestions as to which company data should be published next. Lapsus$ garnered a lot of attention for its unconventional tactics and unpredictable methods. Early this year, for example, it was involved in the multi-stage theft of data from computer systems of the customer service provider Sitel. This in turn led to a security incident at IAM provider Okta. According to Tills, the group then relied heavily on classic tactics such as Initial access via purchased or publicly accessible login databases Password theft Paying employees for their access data Bypassing multi-factor authentication by spamming submissions or contacting the helpdesk Access to applications such as VPNs, Microsoft SharePoint or virtual desktops to collect additional credentials and access sensitive information Elevating permissions by exploiting unpatched vulnerabilities in Jira, GitLab and Confluence Smuggling data out via NordVPN or free file drop services and then wiping resources Leverage access to victim’s cloud environments to build attack infrastructure and remove all other global administrators Does Lapsus$ stay dormant? Although it is difficult to identify individual members of the hacking group, law enforcement agencies have been able to trace Lapsus$’s operations to a few teenagers in Brazil and the UK. From the subsequent arrests and “apparent silence from the group,” Tills concludes that the hackers are talented but inexperienced. Lapsus$ has been quiet for a few months (although Cisco claims the group was among those responsible for a breach of its IT network in May). Tills did not speculate whether this is because some members were unmasked and arrested, or whether the teenagers simply lost interest. Instead, she concluded her report with an appeal: “Ransomware extortion attacks will never end unless they become too complicated or too costly. Organizations should consider what defenses they have against the tactics used, how they can be hardened, and whether their crisis response plans effectively take these incidents into account. Therefore, the danger emanating from hacker groups like Lapsus$ should not be downplayed. Especially since the group successfully attacked large international tech groups with simple tactics, sometimes with serious consequences.” Related content opinion Proactive, not reactive: the path to ensuring operational resilience in cybersecurity The experience of the financial sector in dealing with threats is instructive to anyone in the cybersecurity space — there’s no substitute for getting out ahead of potential risks and problems. By Cameron Dicker Dec 04, 2023 6 mins Financial Services Industry Financial Services Industry Financial Services Industry feature 4 budget-savvy strategies for building an effective purple team Building a purple team is not only for organizations with a generous budget. From the shoestring one-person operation harnessing open-source power to the well-oiled machine of a comprehensive team, organizations of all sizes have a pathway to heighte By Maril Vernon Dec 04, 2023 14 mins Threat and Vulnerability Management IT Training Risk Management news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe