Cyberattacks are making waves again, but in this special case, the hacking group involved seems to be run entirely by teenagers. The Lapsus$ hacking group first made headlines in December 2021 when it conducted a ransomware attack on the Brazilian Ministry of Health. The group compromised COVID-19 vaccination data from millions of people in the country. It has since targeted a number of well-known technology companies such as Samsung, Vodafone, Ubisoft, Okta, and many more.
Microsoft Targeted By Lapsus$ Cyber Attackers
Microsoft also confirmed in March that it had been breached by the Lapsus$ group, but said the breach resulted in limited access to the company’s infrastructure, and no access to Microsoft customers’ data. Microsoft’s cyber response teams were able to quickly remediate the compromised account and prevent additional malicious activity.
Nonetheless, in the past, the Lapsus$ group attempted to steal user credentials to access corporate networks, then use Microsoft collaboration tools like SharePoint, Teams, and Slack to find other users on the networks to target and deepen their penetration. Apparently, the hacker group even listened in on conference calls as they discussed the company’s response to the breach.
Lapsus$ is reported to have a very comprehensive understanding of technology supply chains and how it can exploit organizational relationships between companies to its advantage. The group has targeted a wide range of organizations, including government, healthcare, energy, manufacturing, education, and retail.
Lapsus$ Targets Multifactor User Authentication
Multifactor authentication (MFA) is a popular defense mechanism to prevent hackers from accessing networks from the outside. MFA ensures that in addition to users providing a username and password, they also must provide another factor such as a physical security key, one-time password, or even a fingerprint. Unfortunately, Lapsus$ cyber attackers have found new ways to target weaker authentication methods.
What’s known as “MFA Prompt Bombing” is being used to take advantage of older MFA methods, most notably the one-time passcode that can be sent to a user’s mobile phone (via text or voice call). Users must enter this one-time passcode at a sign-on prompt along with their other credentials. However, hackers have learned that in cases where pressing a single key is the second factor, they can issue multiple MFA requests to the end user’s device until the user accepts the authentication, giving them access to the account. If an employee, for example, receives 100 phone calls or texts, they might accept just once to make it stop. Once the initial call is accepted, the hacker can access the MFA portal and enroll another device.
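The pattern described above (a burst of unanswered or rejected prompts, one acceptance, then a new device enrollment) can be detected in authentication logs. The following is an added example, not code from the original article; the log format, event names, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)         # assumed look-back for a prompt flood
THRESHOLD = 5                          # assumed unapproved prompts that count as a flood
ENROLL_WINDOW = timedelta(minutes=30)  # assumed watch period after a suspicious approval

# Constructed sample events in a hypothetical format: time user event detail
SAMPLE_LOG = """\
2022-03-20T02:10:05 alice mfa_prompt denied
2022-03-20T02:10:40 alice mfa_prompt timeout
2022-03-20T02:11:15 alice mfa_prompt denied
2022-03-20T02:11:50 alice mfa_prompt timeout
2022-03-20T02:12:30 alice mfa_prompt denied
2022-03-20T02:13:05 alice mfa_prompt approved
2022-03-20T02:15:00 alice mfa_enroll new-device
2022-03-20T09:00:30 bob mfa_prompt approved
2022-03-20T09:05:00 bob mfa_enroll new-device
"""

def detect_prompt_bombing(log_text):
    """Return (user, alert, timestamp) tuples for flood-then-approve patterns."""
    unapproved = defaultdict(deque)   # user -> times of recent denied/timed-out prompts
    suspicious = {}                   # user -> time of an approval that followed a flood
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                  # skip malformed lines
        ts, user, event, detail = parts
        when = datetime.fromisoformat(ts)
        recent = unapproved[user]
        while recent and when - recent[0] > WINDOW:
            recent.popleft()          # drop prompts older than the window
        if event == "mfa_prompt" and detail in ("denied", "timeout"):
            recent.append(when)
        elif event == "mfa_prompt" and detail == "approved":
            if len(recent) >= THRESHOLD:
                suspicious[user] = when
                alerts.append((user, "approval_after_prompt_flood", ts))
            recent.clear()
        elif event == "mfa_enroll":
            approved_at = suspicious.get(user)
            if approved_at and when - approved_at <= ENROLL_WINDOW:
                alerts.append((user, "device_enrolled_after_flood", ts))
    return alerts

if __name__ == "__main__":
    print(detect_prompt_bombing(SAMPLE_LOG))
```

The second alert is the higher-severity one, since it matches the device enrollment step the article describes; the window and threshold values should be tuned against normal prompt volumes before use.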
Lapsus$ Cyber Attacks: Chipmaker NVIDIA Targeted Too
NVIDIA, the Silicon Valley microchip producer, was also recently hit by a cyberattack that may have completely compromised the company’s internal systems, according to an insider. The attack was first detected when email and developer systems went down after hackers were able to breach the infrastructure. The company said that business activities were able to continue without interruption and that it was investigating the scope of the attack. And while Russian hackers were not yet implicated in the attack, the Biden administration did warn chipmakers like NVIDIA in February to expand their supply chain beyond Russia, where many semiconductor resources are sourced.
Lapsus$ Members Finally Charged
In early April, after UK police arrested seven people as part of an investigation into cyberattacks by Lapsus$, two additional teenagers were charged with several counts, including unauthorized access to a computer with intent to impair reliability of data or hinder access to data, and fraud by false representation. After news of the arrests surfaced, Lapsus$ told its Telegram group of 50,000 followers that some of its members were “taking a vacation.” We’ll see where that leads!
Who Can Stop Lapsus$ Cyber Attacks? Ethical Hackers Can Help!
Cyberattack vectors today seem to have no limit, as the Lapsus$ group has clearly proven over and over again. With so much at stake, and with cybercriminals using ever-more-innovative methods, it helps to have a cyber resource on the inside of your organization that knows how to fight back.
That’s where Certified Ethical Hackers (CEH) become an invaluable resource to cyber security teams. Ethical hacking is the process of testing infrastructure vulnerabilities by using the same techniques that malicious hackers do, but in a legal, legitimate manner. The results of a CEH professional’s testing can then be used to proactively enhance the strength of an organization’s defensive cyber security posture. Ethical hackers learn to investigate vulnerabilities in target systems, assess the security status of network systems, and master the latest hacking tools, malware codes and other tactics that hackers use every day.
Certified Ethical Hackers, who undergo rigorous but highly rewarding training, are considered to be among the most prized cyber security assets for organizations everywhere. If you’re not employing CEH personnel today, it’s time to take the plunge and see what this special group of anti-hackers can do.