Ubisoft Pwned By LAPSUS$
French video game company Ubisoft confirmed Friday that it was the victim of a ‘cyber security incident’ which caused temporary disruptions to its games, systems and services. Extortionist gang LAPSUS$ is believed to be behind this attack, according to a since-deleted tweet featured in The Verge’s reporting. Ubisoft states that all games and services are functioning normally and that there is currently no evidence that any player PI was accessed or exposed.
Chris Olson, CEO of The Media Trust, had this to say:
“The LAPSUS$ gang has been alarmingly prolific: in one week, they’ve managed to infiltrate two high-profile tech organizations (including Samsung), with their eyes set on ‘Big Five’ companies like Microsoft and Apple. But this string of successes cannot be purely attributed to skill – based on their public correspondence, LAPSUS$ has been actively recruiting insiders from tech giants and ISPs.”
“In the fight against rising cybercrime, it’s a given that organizations should implement better cybersecurity controls, including zero-trust models to mitigate insider threats. But it’s also crucially important that they pay attention to the recruiting/reconnaissance process as well: today, groups like LAPSUS$ frequently target employees through the digital ecosystem, using a combination of micro and location-based targeting. Monitoring and controlling mobile and web-based channels can alert decision makers to recruitment efforts and help them to prepare.”
Clearly LAPSUS$ is busy pwning companies right and left. That should terrify those in the infosec space. But at the same time LAPSUS$ is really drawing attention to itself. And at some point some country is going to make a serious attempt to take them down. Just ask REvil.
This entry was posted on March 15, 2022 at 12:00 pm and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.