Skip to Content

DHS CSRB to review Lapsus$ activity

Updated on 2022-12-05: DHS CSRB to review Lapsus$ activity

The Department of Homeland Security (DHS) Cyber Safety Review Board says it intends to review attacks carried out by the Lapsus$ extortion group. The board says it plans to put out a report on how the group bypassed a broad range of security measures without the use of advanced malware and managed to breach a large number of high-profile targets. Lapsus$ has been linked to intrusions at Cisco, Microsoft, Nvidia, Samsung, Uber, Rockstar Games, and other big corps. Read more: Cyber Safety Review Board to Conduct Second Review on Lapsus$

Overview: Cyber Safety Review Board’s Next Focus: Lapsus$

The US Department of Homeland Security’s (DHS’s) Cyber Security Review Board (CSRB) will turn its attention to Lapsus$ for its second report. CSRB, which comprises experts from both the public and private sectors, will “review the recent attacks associated with Lapsus$, a global extortion-focused hacker group [that] has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks.” CSRB released a report on Log4j earlier this year.

Note

  • The Cyber Security Review Board was supposed to follow the model of the National Transportation Safety Board but in its first two efforts the CSRB has diverged in a big way. The NTSB investigates incidents, not vulnerabilities, and eventually got the power to enforce changes. The first CSRB effort produced a great report on Log4j vulnerabilities and risks and had great recommendations for change – but there were already plenty of those out there. The CSRB could never investigate every incident, but it wouldn’t have to. The focus on what went wrong that that enabled something like the Colonial Gas Pipeline gasoline supply chain disruption and driving legislation to prevent it from happening again is what is needed. I hope this one focuses on a particular attack by Lapsus$ vs. a report on the group’s tactics overall.
  • The CSRB topic is moving from analysis of a vulnerability that affected millions of organizations to that of a highly skilled threat actor that targets specific organizations. The cybersecurity community looks forward to better understanding what cyber defenses were in-place, what security controls failed, and incident response techniques employed.
  • As the CSRB finds its voice and process, documents like this upcoming report will be a good reference to both understand and defend against these types of attacks. Timing will be the trick: having these reports while the threat is imminent will dramatically increase their usefulness.
  • I can’t wait to read this one. AKA, I’m very surprised that 16-year-olds using relatively unsophisticated techniques have gotten as far as state actors. There was nothing “novel” about what they did, yet they did it anyway.

Read more in

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.