Security News > 2022 > March > Microsoft warns of destructive attacks by Lapsus$ cybercrime group
Microsoft warns of destructive attacks by Lapsus$ cybercrime group.
In a blog post published Tuesday, Microsoft provides insight into the group's tactics and techniques and offers tips on how to protect your organization from these attacks.
By compromising the servers hosting these tools, the group tries to obtain the credentials of a privileged account and then uses a built-in Microsoft command known as ntdsutil to extract the Active Directory database of a targeted network.
Determining which accounts have higher privileges, the group then searches platforms such as SharePoint, Confluence, JIRA, GitLab and GitHub to find even more high-privilege account credentials through which it can access additional sensitive data.
To handle risk-based sign-in detection, your VPN authentication should take advantage of such options as OAuth or SAML connected to Azure AD. This type of VPN authentication has proven effective against attacks by Lapsus$, according to Microsoft.
Also See Share: Microsoft warns of destructive attacks by Lapsus$ cybercrime group.
News URL
https://www.techrepublic.com/article/microsoft-warns-destructive-attacks-lapsus-cybercrime-group/
Related news
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)