Lapsus$ Group attacks Microsoft, Nvidia, Samsung, and Okta

 

Did you know that data breaches seem to occur almost daily? Most data breaches result in ransomware attacks. But, a recent attack against Microsoft and Okta in March 2022 used a different tactic to breach each organization. The purpose of this article is to review each attack and discuss how Lapsus$ was able to penetrate both organizations using some of their tactics.

What is a data breach and how does it work?

A data breach is a security incident where sensitive, protected, or confidential data is released to an unauthorized person. Data breaches can happen when a company does not have enough protection in place.

The data can be accessed by a hacker who breaks into the system and steals information. It can also happen if there are employees that are careless with the information they store on their computers or mobile devices, or if there is an insider who decides to steal company information for personal gain.

What is the Microsoft Data Breach?

The breach by Lapsus$ was caused by a cyber attack on Microsoft\’s Azure Devops servers and affected only a single account. Microsoft was able to stop the attack before it caused too much damage.

What is the Okta Data Breach?

In March of 2022, a data breach was discovered at the cloud identity management company Okta. The company has about 30 million customers and it is used by many major corporations and exposed 2.5% of their customers. The data breach was reported by Lapsus$ on March 21 and were attacked through a third party provider.

What is the Nvidia Data Breach?

The Nvidia Data Breach of March 2022 was a data breach that occurred on March 22nd, 2022. Lapsus$ exfiltrated 1TB of hardware and software data.

What is the Samsung Data Breach?

On March 22, 2022, a data breach occurred at Samsung. Lapsus$ exfiltrated “confidential Samsung source code.”

What is the LAPSUS$ group?

According to Microsoft, LAPSUS$ “is know for using a pure extortion and destruction model without deploying ransomware payloads.” They target organizations around the world in all sectors.

They don’t cover their tracks and use the following tactics:

  • Buy credentials from employees of targets to access multifactor authentication approval (MFA) through SMS, email accounts, and other tactics
  • Utilize vishing which is phone-based social engineering against a target.
  • SIM Swapping to take over accounts. For this to occur, the attacker needs to know the target well which can be obtained through research and phishing.

What is vishing and how does it work?

Vishing is the act of initiating a phone call to obtain information, such as account numbers, passwords, or Social Security Numbers. This technique is also known as voice phishing.

Vishing scams can be done by calling individuals and asking for personal information or by recording their voice and using it in a different context.

Voice phishing has been around since the 1980s and has been used in many different ways. The most common form of vishing is when someone calls you on the phone, claims to be from a company you do business with (such as your bank), and asks for your account number or password.

What is the SIM swapping attack and how does it work?

SIM swapping is a form of identity theft where criminals will call their carrier and request to transfer a person\’s phone number to another device. This enables the criminal to bypass security measures that are in place for account access such as two-factor authentication. The SIM swapping scam begins when the attacker gathers personal information through direct social engineering, google searches, phishing emails, or buying information from others. With enough information, the attacker calls the mobile provider to port your number over to the attacker’s SIM. When this occurs, the victim loses communication with the mobile network. The attacker basically ends up with some of your key credentials and circumventing the 2FA methods accounts use since they have your phone number.

The FBI reported a major increase in money stolen from consumers in 2021 from SIM swapping, with the DOJ estimating losses to be five times those of the previous three years. “The FBI says that victims lost $68M in 2021, compared to just $12M in the three-year period between 2018 and 2020.” The FBI received 1,600 complaints about SIM-swapping in 2021. This represents a sharp increase from the three previous years. Scammers have been outwitting mobile phone carriers for a very long time, quickly stealing service by swapping SIM cards. They only benefit from this behavior if they get the codes that come to the device, so don\’t give them to them. (Source: Wikipedia)

Who is behind the Lapsus$ hacking group?

On March 24, 2022, City of London Police arrested seven teenagers in connection with the Lapsus$ group. The mastermind may be located in Brazil. .

How to protect yourself and your organization from Lapsus$ Style attacks?

Lapsus$ Hacking group is known for using exhortation but not ransomware to do their attacks. Protecting yourself from phishing attacks is not clicking on unknown links in emails. Check where the message is coming from. Don’t give personal information to strangers over the telephone. To prevent yourself from getting SIM swapped you can call your mobile provider and put a lock on your account from these types of activities. The best way to protect against SIM-swapping attacks is not to use SMS for your 2FA. You can use an app-based authentication program, like Google Authenticator instead. An even more secure option would be to purchase a physical token, like the Yubikey 4×4. (Source: howtogeek.com)

Conclusion

The purpose of this article was to review the recent attacks done by Lapsus$, tactics used by Lapsys$, and an explanation of the attacks used. Then we review some ways you can protect yourself from these attacks, especially the SIM swap attack. Most attacks today are done through ransomware except Lapsus$ uses extortion, phishing, vishing, and other tactics.

If you have found this article useful, please give us some comments below. I looked forward to hearing from you.

 

Dr. M

Dr. M

Leave a Reply

Your email address will not be published. Required fields are marked *