The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) report detailing findings from its investigation into the activities of the threat actor group Lapsus$. The report outlines 10 actionable recommendations for government, companies and civil society to enhance protection against Lapsus$ and similar groups, according to an Aug. 10 news release.
“Our ability to protect Americans from cyber vulnerabilities has never been stronger thanks to the community we are building through the Cyber Safety Review Board,” Secretary of Homeland Security Alejandro N. Mayorkas said in the release. “As our threat environment evolves, so too must our detection and prevention capabilities. We must also evolve our ability to deploy those capabilities. The CSRB’s findings are not only timely, they are actionable and written with the guidance of real-world practitioners in the private sector.”
The CSRB's analysis disclosed said Lapsus$ adeptly employed rudimentary methodologies to elude the conventional security mechanisms widely employed within numerous corporate cybersecurity schemes, the release reported. The CSRB report delineates 10 pragmatic recommendations aimed at enhancing the safeguarding measures against Lapsus$ and analogous collectives, intended for adoption by government bodies, enterprises and civil society.
The report was formally presented to President Joseph R. Biden by Mayorkas, according to the release.
Commencing in the latter part of 2021 and extending into 2022, Lapsus$ purportedly employed tactics to circumvent an array of widely employed security controls, thereby successfully infiltrating numerous well-endowed institutions, the release said. The CSRB engaged with nearly 40 entities and individuals, encompassing representatives from threat intelligence entities, incident response firms, targeted institutions, international law enforcement agencies, individual researchers, subject matter specialists and entities targeted in the attacks.
This collective engagement sought to gain a comprehensive comprehension of the incidents and devise recommendations for future safety enhancements, the release reported.
The CSRB's findings unveiled Lapsus$ and its associated threat operatives predominantly harnessed uncomplicated strategies, such as pilfering mobile phone numbers and launching phishing campaigns against employees, to gain illicit entry into organizations and pilfer their proprietary data, according to the release.
One of the report's revelations was a shared oversight among entities regarding the inherent risks of relying on text messaging and voice calls for multi-factor authentication, the release. It ardently suggests a swift transition to more robust, user-friendly, password-free solutions.
Furthermore, the report advocates for stringent authentication protocols to be implemented by mobile carriers to heighten customer protection, while also urging the Federal Communications Commission and Federal Trade Commission to mandate and establish standardized countermeasures against SIM swapping, the release said.
