The Cyber Safety Review Board has released a report on the review of attacks associated with LAPSUS$ and related threat groups. The report provides valuable insights into the tactics, techniques, and procedures (TTPs) used by these threat actors, as well as recommendations for organizations to protect themselves against these cyber threats. The report highlights the importance of identity and access management (IAM), telecommunications vulnerabilities, and resiliency with a focus on business process outsourcing (BPO). It also emphasizes the role of information sharing with law enforcement and the broader ecosystem in mitigating attacks and disrupting threat actors. The report concludes that while most organizations were not prepared to prevent these attacks, those that had prepared for the possibility of these kinds of attacks proved most resilient.
One of the key findings of the report is that most organizations were not prepared to prevent the attacks described in the report. However, most were able to rapidly change their security programs to account for vulnerabilities and make improvements to thwart future attacks. Companies that had prepared for the possibility of these kinds of attacks, against their own infrastructure as well as their suppliers, through penetration testing at regular intervals proved most resilient.
The report highlights the complex intersecting relationships between telecommunications providers and BPOs with their customers and clients, which were favored targets of the threat actors. The exploitation of insiders and insider processes in the supply chain of many organizations added an extra level of complexity for mitigating the attacks across the broader ecosystem.
Social engineering techniques were also effective against atypical business processes, such as emergency disclosure requests (EDRs). Organizations still experience friction in their ability or willingness to share information about attacks, due to perceived negative consequences of making attack details known or a lack of familiarity with legal authorities designed to encourage such sharing. Employee training to spot these social engineering techniques is needed alongside regular penetration testing.
See CISA.gov for more information: https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-report