Close Menu
    Facebook X (Twitter) Instagram Pinterest YouTube LinkedIn TikTok
    TopBuzzMagazine.com
    Facebook X (Twitter) Instagram Pinterest YouTube LinkedIn TikTok
    • Home
    • Movies
    • Television
    • Music
    • Fashion
    • Books
    • Science
    • Technology
    • Cover Story
    • Contact
      • About
      • Amazon Disclaimer
      • Terms and Conditions
      • Privacy Policy
      • DMCA / Copyrights Disclaimer
    TopBuzzMagazine.com
    Home»Technology»The Dire Warnings in the Lapsus$ Hacker Joyride
    Technology

    The Dire Warnings in the Lapsus$ Hacker Joyride

    By AdminOctober 26, 2022
    Facebook Twitter Pinterest LinkedIn Tumblr Email

    “At the end of the day, the flexibility of how you can abuse corporate accounts to move laterally and pivot over to other applications in the cloud—there are just so many different ways that attackers can use enterprise credentials,” says Crane Hassold, director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI. “That’s why phishing is so extremely popular with cybercriminals, because of that return on investment.”

    There are stronger ways to implement two-factor authentication, and the new generation of “password-less” login schemes or “Passkeys” from the industry FIDO2 standard promise a much less phishable future. But organizations need to actually start implementing these more robust protections so they’re in place when a ransomware actor (or restless teen) starts poking around.

    “Phishing is obviously a huge problem, and most of the things that we normally think of as multifactor authentication, like using a code generator app, are at least somewhat phishable, because you can trick someone into revealing the code,” says Jim Fenton, an independent identity privacy and security consultant. “But with push notifications, it’s just too easy to get people to click ‘accept.’ If you have to plug something directly into your computer to authenticate or use something integrated with your endpoint, like a biometric sensor, those are phishing-resistant technologies.”

    Keeping attackers from clawing their way into an organization through phishing isn’t the only problem, though. As the Uber incident showed, once Lapsus$ had compromised one account to gain access, they were able to burrow deeper into Uber’s systems, because they found credentials for internal tools lying around unprotected. Security is all about raising the barrier to entry, not eliminating all threats, so strong authentication on external-facing accounts would certainly have gone a long way toward stopping a group like Lapsus$. But organizations must still implement multiple lines of defense so there’s a fallback in case one is breached. 

    In recent weeks, former Twitter security chief Peiter “Mudge” Zatko has publicly come out as a whistleblower against Twitter, testifying before a US Senate committee that the social media giant is woefully insecure. Zatko’s claims—which Twitter denies—illuminate how high the cost could be when a company’s internal defenses are lacking.

    For its part, Lapsus$ may have a reputation as an outlandish and oddball actor, but researchers say that the extent of its success in compromising massive companies is not just remarkable but also disturbing.

    “Lapsus$ has highlighted that the industry must take action against these weaknesses in common authentication implementations,” Demirkapi says. “In the short term we need to start by securing what we currently have, while in the longer term we must move toward forms of authentication that are secure by design.”

    No wakeup call ever seems sufficiently dire to produce massive investment and quick, ubiquitous implementation of cybersecurity defenses, but with Lapsus$ organizations may have an additional motivation now that the group has shown the world just how much is possible if you’re talented and have some time on your hands. 

    “Cybercriminal enterprises are exactly the same as legitimate businesses in the sense that they look at what other people are doing and emulate the strategies that prove successful,” Emsisoft’s Callow says. “So the ransomware gangs and other operations will absolutely be looking at what Lapsus$ has done to see what they can learn.”

    Read The Full Article Here

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    A look at some US energy companies linked to AI infrastructure, such as Sam Altman-backed Oklo, whose stocks have soared despite having little to no revenue (Jinjoo Lee/Wall Street Journal)

    October 19, 2025

    The New Power of Far-Right Influencers

    October 18, 2025

    Inside Hyperliquid, a booming DEX for perpetual crypto futures still controlled by a small insider group, raising questions about how decentralized it really is (Muyao Shen/Bloomberg)

    October 18, 2025

    Some of Our Favorite Noise-Canceling Headphones Are $100 Off if You Act Fast

    October 17, 2025

    Reddit announces that it is expanding its Google Gemini-powered search experience to five new languages: French, German, Spanish, Italian, and Portuguese (Ivan Mehta/TechCrunch)

    October 17, 2025

    Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks

    October 16, 2025
    popular posts

    People-powered research and experiential learning: Unraveling hidden biodiversity

    Book Review: Imagining a Radical New Relationship with the Mississippi

    Charlie Kaufman Movies Have Gotten Really Bleak

    Security Guard Drags Metalcore Vocalist Offstage, Venue Responds

    NASA’s DART Mission May Severely Deform Asteroid, Says Study

    Molecule’s tiny quantum jiggle imaged in unprecedented detail

    The 12 Best Tinted Moisturisers for Mature Skin, Ranked by

    Categories
    • Books (3,479)
    • Cover Story (8)
    • Events (20)
    • Fashion (2,566)
    • Interviews (47)
    • Movies (2,779)
    • Music (3,064)
    • News (162)
    • Politics (6)
    • Science (4,630)
    • Technology (2,774)
    • Television (3,504)
    • Uncategorized (932)
    Archives
    Facebook X (Twitter) Instagram Pinterest YouTube Reddit TikTok
    © 2025 Top Buzz Magazine. All rights reserved. All articles, images, product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Terms of Use and Privacy Policy.

    Type above and press Enter to search. Press Esc to cancel.

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
    Do not sell my personal information.
    Cookie SettingsAccept
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
    CookieDurationDescription
    cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
    cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
    cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
    cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
    cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
    viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
    Functional
    Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
    Performance
    Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
    Analytics
    Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
    Advertisement
    Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
    Others
    Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
    SAVE & ACCEPT