Lapsus$ Group, a relatively new cybercrime gang, has been making headlines the past couple of months due to their bold hacks of global companies including Nvidia, Microsoft, Okta, and Samsung.
Never content to play by the rules (even those established by other criminal organizations), Lapsus$’s self-serving anarchy has taken the cybersecurity world by storm and left major companies on high alert. The gang has successfully pilfered proprietary source code, administrative login credentials, and a range of other valuable assets from a catalog of companies one would rightfully expect to have watertight cybersecurity in place.
Because They Can
What separates Lapsus$ from ransomware outfits like Conti, or the recently dismantled REvil gang, is that they are clearly driven exclusively by reputation, not money or political gains.
Thus far, the group has not made any financial demands and seems to be satisfied by the chaos they create when releasing their spoils to the internet, where other hackers or criminals are free to use the info however they want.
Lapsus$ even takes to social media to conduct polls where they ask followers who they should target next, and attempt to recruit employees from within those companies to hand over login information in exchange for cash.
The Next Generation of Hackers
Cybersecurity researchers believe that the gang is largely composed of young, unseasoned hackers. UK authorities have arrested seven people for their alleged involvement in Lapsus$, with the oldest of them being only 21 years old. Other members, believed to also be teenagers, are based in Brazil.
The group’s supposed “mastermind,” a teen living outside of Oxford, seems to have conducted the majority of his work right from his bedroom with his parents blissfully unaware that their son was engaging in international crime directly under their roof.
One of the teens implicated in a recent case was so adept at hacking, researchers were surprised to learn that the hacking wasn’t automated and was in fact accomplished by a human being.
In spite of arrests made, Lapsus$ continues to operate and claims that no members of the group have ever been apprehended.
Next Targets
What could be next for Lapsus$? That question undoubtedly troubles the minds of authorities and organizations alike, who have so far been frustratingly unsuccessful in putting an end to the group’s disruption.
Software services giant Globant is the most recent victim of the hacking group, with the criminals posting a 70 GB trove of “significant” data online after taking what they referred to as a short “vacation.”
It is unclear if the gang is utilizing expert hacking abilities, social engineering techniques, or simply buying credentials from inside sources to carry out their activities. The group likely uses a combination of these tactics, as having access handed over is always preferable to doing the hard work yourself.
While Lapsus$ has certainly created a chaotic and troubling situation with regard to data privacy and security, perhaps it is their dose of high profile anarchy that will make organizations take notice and begin to allocate more funds towards their security staff, training, and protocols.
Maybe Lapsus$ will prove to be worrisome enough that major companies invest more in robust, agile, and preventative cybersecurity, as opposed to reactive press releases after the fact.
Cybersecurity Made Easy
Hackers love easy targets. Don’t be one!
Booker DiMaio offers a comprehensive suite of cybersecurity services that will keep your company protected. From CyberBenchmark cybersecurity assessments to continuous monitoring with Overwatch, you can rest assured that your network will have superior protection against hackers like Lapsus$ and many others.