Updated on 2022-12-05: DHS CSRB to review Lapsus$ activity
The Department of Homeland Security (DHS) Cyber Safety Review Board says it intends to review attacks carried out by the Lapsus$ extortion group. The board says it plans to put out a report on how the group bypassed a broad range of security measures without the use of advanced malware and managed to breach a large number of high-profile targets. Lapsus$ has been linked to intrusions at Cisco, Microsoft, Nvidia, Samsung, Uber, Rockstar Games, and other large corporations.
Read more: Cyber Safety Review Board to Conduct Second Review on Lapsus$
Overview: Cyber Safety Review Board’s Next Focus: Lapsus$
The US Department of Homeland Security’s (DHS’s) Cyber Safety Review Board (CSRB) will turn its attention to Lapsus$ for its second report. CSRB, which comprises experts from both the public and private sectors, will “review the recent attacks associated with Lapsus$, a global extortion-focused hacker group [that] has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks.” CSRB released a report on Log4j earlier this year.
Note
- The Cyber Security Review Board was supposed to follow the model of the National Transportation Safety Board but in its first two efforts the CSRB has diverged in a big way. The NTSB investigates incidents, not vulnerabilities, and eventually got the power to enforce changes. The first CSRB effort produced a great report on Log4j vulnerabilities and risks and had great recommendations for change – but there were already plenty of those out there. The CSRB could never investigate every incident, but it wouldn’t have to. The focus on what went wrong that enabled something like the Colonial Gas Pipeline gasoline supply chain disruption and driving legislation to prevent it from happening again is what is needed. I hope this one focuses on a particular attack by Lapsus$ vs. a report on the group’s tactics overall.
- The CSRB topic is moving from analysis of a vulnerability that affected millions of organizations to that of a highly skilled threat actor that targets specific organizations. The cybersecurity community looks forward to better understanding what cyber defenses were in place, what security controls failed, and incident response techniques employed.
- As the CSRB finds its voice and process, documents like this upcoming report will be a good reference to both understand and defend against these types of attacks. Timing will be the trick: having these reports while the threat is imminent will dramatically increase their usefulness.
- I can’t wait to read this one. AKA, I’m very surprised that 16-year-olds using relatively unsophisticated techniques have gotten as far as state actors. There was nothing “novel” about what they did, yet they did it anyway.
Read more in
- Cyber Safety Review Board to Conduct Second Review on Lapsus$
- DHS Cyber Safety Review Board to focus on Lapsus$ hackers
- Cyber Safety Review Board turns its sights on Lapsus$ extortion group in latest review
- DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics
- Cyber Safety Review Board to focus its next report on the Lapsus$ extortion group