The Lapsus$ attacks: Experts say companies will need a proactive approach

“While the investments in cybersecurity are also increasing, but today’s approach of managing cyber risks in siloes through reactive models is no longer enough,” Modi added. Siloes refers to the process of isolating a point in a system, where data is kept segregated from other parts of the system. He wants companies to evolve from present approaches of cyber risk management to one that is proactive and predictive.

“India is a global leader in technology adoption today and needs to adopt a robust cybersecurity incident reporting and risk management framework, irrespective of concerns with Lapsus$. Much like the US which is moving gears in adopting better cybersecurity practices, India too needs to strengthen its national cybersecurity policies and practices,” he stressed.

In the case of the Lapsus$ attacks, the hackers are believed to have used varied sophisticated social engineering techniques to exploit organisations. For instance, in the case of Okta, the hacker group was able to get access to the account of an employee of a third-party Okta subprocessor Sykes.

“Third-party risk management is a big challenge today, and cybercriminal gangs will keep exploiting such loopholes if we do not change our approach to cyber risk management,” Modi said.

Prasad T, senior security architect at Verse Innovation notes that the notorious group has offered money to the employees at Verizon and AT&T as much as $20,000 per week so that the users will identify defects to support the criminal operation and conduct “inside jobs.”

In nearly all these cases, Lapsus$ got into the corporations’ networks and stole data and the pieces of source code. After that, the gang leaked the data and the code all over the internet via Telegram, in an attempt to reveal the company’s secrets.

 “Most of their attacks have been against South/North American companies. But it is possible for them to look for giant companies anywhere including in India. They have been targeting companies and not individuals as they get more attention with the corporate companies,” Prasad added.

Further, the group is not motivated by money alone. According to Prasad, Lapsus$ appears to be driven by “fame more than money as they have been leaking much of their leaked data.”

Modi also highlighted the Nvidia hack, “where the group asked the company to make its graphic cards more efficient for mining cryptocurrency during its extortion demand,” as another example of this fame-seeking behaviour.

The hackers demanded that Nvidia remove its lite hash rate (LHR) feature. For the uninitiated, LHR was introduced by the company to limit Ethereum mining capabilities, particularly in the Nvidia RTX 30 series GPU. This was done after the crypto mining community depleted the GPU stocks in 2021. The group is also demanding Nvidia to open source its GPU drivers for macOS, Windows, and Linux devices.