Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs

2022-03-17 03:58

Cybersecurity experts describe a still-maturing cybercriminal group that is testing its capabilities with a range of different attack methods - from data extortion to ransomware - and may be taking advantage of Russia's invasion of Ukraine, which is distracting and diverting malware pushers and cybersecurity vendors alike.

"Based on their public behavior and communication observed from the group, it is believed that they are a completely new group and not simply a rebranded threat group," Tyler Croak, principal strategist at cybersecurity vendor Lookout, told The Register.

"While the group seems to be mostly financially motivated, there are signs of additional motivations. For example, their early attacks had a heavier focus on data extortion and payment, but in their Nvidia attack we saw a demand for the organization to make their IP open source. This strays into hacktivist territory."

"We have a group here that is flexing their muscles to build 'street cred,' has been profitable with ransoms, and seem to be untouchable at the moment," Richard Fleeman, vice president at security advisory services provider Coalfire, told The Register.

Casey Ellis, founder and CTO at crowdsourced cybersecurity firm Bugcrowd, said threat groups tend to keep their effort focused on primarily goals, enabling them to scale while minimizing their own attack surface.

Ellis pointed to the government pressure put on the REvil ransomware group that led to the arrest of its members by Russian authorities this year, and an offensive cyber weapon used by the United States that knocked the group offline in 2021.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/17/lapsus-larger-companies/

#infosec #lapsus