Despite using methods that are "bold, illogical, and poorly thought out, Lapsus$ has successfully breached companies like Microsoft, Vodafone and Nvidia. Credit: Cosmin4000 / Getty Images [Editor’s note: This article originally appeared on the CSO Germany website on July 29.] Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out. The criminals attacked renowned companies such as Microsoft, Samsung, Nvidia, Vodafone, Ubisoft and Okta. They stole data and sometimes used ransomware to extort their victims. How Lapsus$ became famous In contrast to other cybercriminal gangs, Lapsus$ organizes itself exclusively through a private Telegram group and does not operate a leak site on the dark web. As Tills wrote, the group has so far announced its next victims via Telegram. She also noted that Lapsus$ asked the community for suggestions as to which company data should be published next. Lapsus$ garnered a lot of attention for its unconventional tactics and unpredictable methods. Early this year, for example, it was involved in the multi-stage theft of data from computer systems of the customer service provider Sitel. This in turn led to a security incident at IAM provider Okta. According to Tills, the group then relied heavily on classic tactics such as Initial access via purchased or publicly accessible login databases Password theft Paying employees for their access data Bypassing multi-factor authentication by spamming submissions or contacting the helpdesk Access to applications such as VPNs, Microsoft SharePoint or virtual desktops to collect additional credentials and access sensitive information Elevating permissions by exploiting unpatched vulnerabilities in Jira, GitLab and Confluence Smuggling data out via NordVPN or free file drop services and then wiping resources Leverage access to victim’s cloud environments to build attack infrastructure and remove all other global administrators Does Lapsus$ stay dormant? Although it is difficult to identify individual members of the hacking group, law enforcement agencies have been able to trace Lapsus$’s operations to a few teenagers in Brazil and the UK. From the subsequent arrests and “apparent silence from the group,” Tills concludes that the hackers are talented but inexperienced. Lapsus$ has been quiet for a few months (although Cisco claims the group was among those responsible for a breach of its IT network in May). Tills did not speculate whether this is because some members were unmasked and arrested, or whether the teenagers simply lost interest. Instead, she concluded her report with an appeal: “Ransomware extortion attacks will never end unless they become too complicated or too costly. Organizations should consider what defenses they have against the tactics used, how they can be hardened, and whether their crisis response plans effectively take these incidents into account. Therefore, the danger emanating from hacker groups like Lapsus$ should not be downplayed. Especially since the group successfully attacked large international tech groups with simple tactics, sometimes with serious consequences.” Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe