DHS’ Cyber Safety Review Board prepares to conduct review on Lapsus$ hacker group

The U.S. Department of Homeland Security (DHS) announced Friday that its Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks.

The Lapsus$ hacker group reportedly employed techniques to bypass a range of commonly-used security controls and successfully infiltrated a number of companies across industries and geographic areas. On completion, the report will be transmitted to President Joe Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA (Cybersecurity and Infrastructure Security Agency) director Jen Easterly.

“The Cyber Safety Review Board has quickly established itself as an innovative and enduring institution in the cybersecurity ecosystem,” Alejandro N. Mayorkas, DHS secretary, said in a media statement. “With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience.”

“Lapsus$ has targeted some of the most sophisticated companies on the planet,” Robert Silvers, CSRB chair and DHS under secretary for policy, said. “In the wake of major incidents, the Cyber Safety Review Board conducts authoritative fact-finding and issues recommendations that can have immediate impact on the security of the ecosystem. As a unified effort between government and industry, we will advise on how to repel and respond to these types of cyber-enabled extortion attacks.” 

“As cyber threats continue to evolve it is imperative that all organizations recognize that they are not invincible,” according to Heather Adkins, CSRB deputy chair. “The CSRB will review the cyber activity of Lapsus$ in order to analyze their tactics and help organizations of all sizes protect themselves.”  

“Lapsus$ actors have perpetrated damaging intrusions against multiple critical infrastructure sectors, including healthcare, government facilities, and critical manufacturing,” Jen Easterly, CISA director, said. “The range of victims and diversity of tactics used demand that we understand how Lapsus$ actors executed their malicious cyber activities so we can mitigate risk to potential future victims. We applaud the CSRB for taking on this review to help advance our collective cyber defense.”

Set up as a mandate in the President’s Executive Order, issued in May last year, the CSRB is a public-private initiative that brings together government and industry leaders to conduct authoritative fact-finding and to issue recommendations in the wake of significant cybersecurity incidents. It also seeks to drive a thoughtful approach to learn from cyber incidents.

“Lapsus$ first made moves back in December of 2021 with an attack on Brazil’s Ministry of Health, but was hit with international attention in March of 2022 for a string of major hacks that targeted Microsoft, Okta, NVIDIA, Samsung, and Vodafone,” according to a blog post by ReversingLabs. “The hacking group has been known to use low-tech methods to score big data thefts of major companies and organizations.”

The CSRB’s initial review focused on vulnerabilities discovered late last year in the widely used Log4j open-source software library. In July this year, the CSRB concluded that review and published its report, which included 19 actionable recommendations for government and industry. The CSRB does not have regulatory powers and is not an enforcement authority. Its purpose is to identify relevant lessons learned to inform future improvements and better protect our communities.

Recorded Future disclosed in September that eight semiconductor companies have been attacked and extorted by ransomware actors since the start of this year. These attacks included using LockBit, LV ransomware, and Cuba ransomware and were carried out by extortion groups, including the Lapsus$ group and RansomHouse. The report provides an analysis of the importance of the semiconductor industry and the role it plays in the increasingly complex geopolitical environment, apart from identifying the tactics, techniques, and procedures (TTPs) used by ransomware actors in their attacks.
