Archive for March 24, 2022

Seven Teens Arrested By UK Police And Accused Of Being The Lapsus$ Hacking Gang

Posted in Commentary on March 24, 2022 by itnerd

Here’s a plot twist. London Police have arrested seven teens in connection with the Lapsus$ hacking gang. That’s the gang that has pwned Nvidia, Microsoft, and Okta among others. The BBC has the details:

A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$.

The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers.

City of London Police say they have arrested seven teenagers in relation to the gang but will not say if he is one.

The boy’s father told the BBC his family was concerned and was trying to keep him away from his computers.

Under his online moniker “White” or “Breachbase” the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America.

Lapsus$ is relatively new but has become one of the most talked about and feared hacker cyber-crime gangs, after successfully breaching major firms like Microsoft and then bragging about it online.

The teenager, who can’t be named for legal reasons, attends a special educational school in Oxford.

City of London Police said: “Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.”

And what’s interesting is this:

“White” was outed – or “doxxed” – on a hacker website, after an apparent falling out with business partners.

The hackers revealed his name, address, and social media pictures.

They also posted a biography of his hacking career, saying: “After a few years his net worth accumulated to well over 300BTC [close to $14m]… [he is] now is affiliated with a wannabe ransomware group known as ‘Lapsus$’, who has been extorting & ‘hacking’ several organisations.”

No honour among thieves I guess. But it does mesh with a story that I posted earlier today. In any case, they have been released and are under investigation. So we may hear more about this in the coming days.

Is Lapsus$ Run By A Teenager Living With His Mom In The UK?

Posted in Commentary on March 24, 2022 by itnerd

Here’s a plot twist in the whole Lapsus$ saga. Bloomberg is reporting that a teen is suspected by cyber researchers of being the Lapsus$ mastermind. Cybersecurity researchers investigating the hacking group, on behalf of the companies that were attacked, said they believe the teenager, who lives at home with his mother in Oxford, England, is a mastermind. Cybersecurity expert Brian Krebs has posted a story that speaks to this as well, along with further details about the Lapsus$ group.

Based on this, I have a fair amount of commentary from a variety of experts. The first being Lucas Budman, CEO of TruU:

This is yet another example of bad actors continuing to exploit the vulnerabilities of the password. As an industry we need to decide do we want to continue to try to “plug the proverbial hole in dam” by resetting passwords and/or adding 2FA (which is effectively a single factor at this point as the password is likely compromised already) in response to these events. Or, are we ready to “use a new dam” and move on to passwordless MFA.

Peter Stelzhammer, Co-Founder of AV-Comparatives is next with this commentary:

“Hackers are no longer pupils, just doing it for fun. While pupils are eager to learn the ways of hacking, what must be understood is that if taken out of hand, it becomes online, organized crime. While hackers are sometimes hired as someone to do their job of their own accord, usually, it is always for the money.”

“Often it starts with social engineering and ends with a successful breach. Cybercriminals are most of the time well educated and geniuses in their field. The money made in cybercrime is much more than in the global drug market.”

Finally, we have Darren Williams, Founder and CEO, BlackFog with his perspective:

“So far this month we’ve seen Lapsus$ claim attacks on Okta, Samsung, Vodafone and Microsoft to name a few, so you’d easily be forgiven thinking there is a gang of cybercriminal masterminds behind these attacks. The ‘gang’ or potentially the teenager working from his mother’s house, made their mark in the ransomware world with the attack on Portuguese media conglomerate Impresa. Lapsus$ demonstrated a sense of humor following the incident when they tweeted that “Lapsus$ is the new president of Portugal”. Whether a criminal gang or a teenager from Oxford it’s clear that the ‘organization’ has the ability to infiltrate some of the world’s largest organizations at a speed that makes these attacks impossible to prevent using traditional perimeter defence tools. More than 84% of all attacks involve data exfiltration, exposing data on the Dark Web and/or public web sites. By refocusing security efforts on anti-data exfiltration, organizations are able to mitigate extortion attempts, regulatory fines, reports and ultimately the loss of trust in the business.”

Regardless of who runs this hacking group, the main thing that you have to know is that they are dangerous because they are extremely effective. You need to take action in terms of strengthening your security posture so that you don’t become the next victim of Lapsus$.

Canadian Nonprofits Are Investing In Digital Transformation To Drive Efficiency And Growth: Sage

Posted in Commentary on March 24, 2022 by itnerd

Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses, today released a new study on the Canadian nonprofit sector, Grow Together: How digital transformation empowers Canadian nonprofit organizations to embrace change. The study found that nonprofits have seized the opportunity during the pandemic to rethink and change the way they operate to gain efficiencies and better serve their communities, despite the difficulties caused by COVID-19.

Transforming operations to overcome challenges

In partnership with Leger, a Canadian research firm, Sage found that 9 in 10 nonprofits consider their digital transformation efforts a top priority to update business processes and gain efficiencies:

  • 27% have already gone through the process and are digital-first
  • 47% are in the process of digitizing key processes
  • 16% have plans to digitize key processes

The pressure on nonprofits to transform their operations is driven by both external and internal challenges. The pandemic has inflicted the following top five common external challenges on nonprofits:

  • Program disruptions (43%)
  • Staffing shortages (39%)
  • Decreases in funding (36%)
  • Uncertainty related to service delivery mechanisms due to the pandemic (36%)
  • Increased demand for services (32%)

Furthermore, two-thirds of nonprofits believe these external barriers will persist in 2022. As such, the need to accelerate or continue digital transformation initiatives is pressing to help overcome these acute challenges.

In addition, four in five Canadian nonprofits said they are experiencing the following internal challenges, which are causing operational friction within their organization:

  • Lack of staff with the right skill set to manage the digital transformation journey (25%)
  • Inefficiencies and delays due to multiple, disparate systems (23%)
  • Manual, time-consuming reporting (23%)

Making strategic choices

Supporting digital transformation has been difficult for nonprofits when resources, financial or otherwise, have been stretched to their limit during the pandemic. In fact, 28% of Canadian nonprofits experienced a decrease in 2021 revenue, with four in ten experiencing a decrease of more than 25% in revenue. One-third of nonprofits saw a decrease in funding from both foundations and corporations over the last twelve months.

Facing both resource constraints and the need to overcome operational challenges, the management of nonprofits is changing its approach to utilizing new technologies.

Nonprofit organizations that have begun their digital transformation are beginning to reap the benefits with clear efficiencies, including:

  • Clearer data and reporting mechanisms
  • Stronger tools to stay organized across the business
  • Easier transition to working remotely
  • Time saved on administrative duties

The nonprofit sector believes that technology is vital for both the immediate well-being of their teams as well as their long-term success.

Planning ahead

Looking ahead into 2022, nonprofits are beginning to express some optimism:

  • 4 in 10 are forecasting a revenue increase for 2022, with 44% expecting an increase of 25% or higher
  • 35% expect year-over-year revenue to remain flat
  • 15% expect a decrease in revenue
  • 8% are uncertain of their revenue projections

Growth is top-of-mind for these nonprofit organizations. Four in ten are planning to prioritize the expansion of their donor base, build their digital presence on social media and increase brand awareness. To achieve these priorities, their top investments will include the increased use of digital/automated platforms, increased marketing budget, and hiring skilled staff.

To learn more, please download the full Grow Together: How digital transformation empowers Canadian nonprofit organizations to embrace change report.

Methodology
Sage partnered with Leger, a national research and analytics firm, to survey 75 non-profit financial directors across Canada between January 12th and January 25th, 2022. We also conducted focus groups with six non-profit financial directors between January 27th and February 7th, 2022.

Terranova Security Announces Cyber Hero Score

Posted in Commentary on March 24, 2022 by itnerd

Terranova Security, the global partner of choice in security awareness training with more than 20 years of experience educating the world’s cyber heroes, has announced Cyber Hero Score. This new feature allows organizations to quantify risk by assigning unique ratings to each end user or user profile based on their cyber security behaviors. Cyber Hero Score is a visionary addition to the Terranova Security offering, primed to disrupt the industry by going beyond assessment surveys in determining employee risk levels, using personalized metrics.

Cyber Hero Score can be used for individuals, user profiles, teams, departments, countries, and business units. This intel facilitates how organizations build tailored cyber awareness training campaigns based on actual end user behaviors and progression over time. A Cyber Hero Score will draw from multiple factors, including the:

  • Role, function, and regional location within the organization 
  • Risk and security awareness knowledge levels 
  • Access permissions to sensitive information 
  • Proximity to previous data breaches

Security awareness training metrics, such as course participation and completion rate, phishing simulation results, and behavior change performance over time, are also considered. By accurately assessing risk and security awareness levels, organizations can quickly identify high-risk users or profiles, pinpoint specific behavior change areas, and personalize the resulting training campaigns to suit those unique realities. As a result, organizations can significantly reduce the human risk factor.

Cyber Hero Score is an asset for all organizations, regardless of whether their employees work within a remote/hybrid model or in-office. Training administrators must clearly understand which team members are at higher risk of being targeted by a cyber-attack and whether they have adequate knowledge and skills to safeguard against attempts to compromise sensitive data. Organizations will leverage Cyber Hero Score to build risk-based campaigns that respond and adapt to behavior changes based on an individual’s unique awareness training journey. This feature underpins a security-first mindset that helps mitigate risk, build cyber threat resilience, and grow security awareness across all departments, regions, and functions.

For more information on how Cyber Hero Score plays an integral part in building cyber threat resilience and growing a cyber-aware security culture through targeted, risk-based training, visit the dedicated webpage on the Terranova Security site.

Nuspire Provides Advice For Customers Of Okta Who Might Be Affected By The Lapsus$ Hack

Posted in Commentary on March 24, 2022 by itnerd

You might recall that threat actor group Lapsus$ posted screenshots in their Telegram channel of what they claim to be Okta customer data. Okta is a leading provider of authentication services and Identity and Access Management (IAM) solutions. They’re used by organizations worldwide as a single sign-on (SSO) provider, allowing employees to securely access a company’s internal systems, such as email accounts, calendars, applications and more. Okta has responded with their version of events as well.

Lapsus$ has previously claimed responsibility for the leaked proprietary data of companies such as NVIDIA and Samsung. Unlike ransomware groups, Lapsus$ does not encrypt data once they gain access. Instead, they exfiltrate the data and threaten to publish what they’ve gathered if demands are not met. The group began by focusing on Latin American victims and some security researchers suspect the group is based in Latin America.

Since it is said that over 300 Okta customers might be affected by this, I reached out to managed security provider Nuspire in the interest of helping them, and JR Cunningham, CSO at Nuspire, was kind enough to provide these recommendations:

  • Review your Okta audit logs for suspicious activity focused on superuser/admin Okta accounts.
  • Rotate passwords for high-privileged accounts.
  • Check for privileged accounts created around the time of the suspected breach (January 21, 2022).

Hopefully that helps companies take a security posture that helps to protect them from being the next victim of Lapsus$.
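
One way to carry out the audit-log review recommended above, as an added example that is not from Nuspire, Okta, or the original post. It assumes the Okta System Log has been exported as one JSON event per line; the ±7-day window, the sample events and the addresses in them are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption: review +/- 7 days around the date given in the recommendations.
BREACH_DATE = datetime(2022, 1, 21, tzinfo=timezone.utc)
WINDOW = timedelta(days=7)

# Okta System Log event types that map onto the three recommendations.
WATCHED = {
    "user.account.privilege.grant": "admin privilege granted",
    "user.lifecycle.create": "account created",
    "user.account.reset_password": "password reset by an admin",
    "user.mfa.factor.deactivate": "MFA factor removed",
    "user.session.impersonation.initiate": "impersonation session started",
}

# Constructed sample events (not real data), one JSON object per line.
SAMPLE_LOG = """\
{"published":"2021-11-02T09:00:00.000Z","eventType":"user.lifecycle.create","actor":{"alternateId":"hr-sync@corp.example"},"target":[{"alternateId":"new.hire@corp.example"}]}
{"published":"2022-01-20T23:46:00.000Z","eventType":"user.account.reset_password","actor":{"alternateId":"helpdesk@corp.example"},"target":[{"alternateId":"it.admin@corp.example"}]}
{"published":"2022-01-21T00:10:00.000Z","eventType":"user.lifecycle.create","actor":{"alternateId":"it.admin@corp.example"},"target":[{"alternateId":"svc-backup@corp.example"}]}
{"published":"2022-01-21T00:12:00.000Z","eventType":"user.account.privilege.grant","actor":{"alternateId":"it.admin@corp.example"},"target":[{"alternateId":"svc-backup@corp.example"}]}
{"published":"2022-01-22T08:30:00.000Z","eventType":"user.session.start","actor":{"alternateId":"jane@corp.example"},"target":[]}
{"published":"2022-01-23T14:00:00.000Z","eventType":"user.account.privilege.grant","actor":{"alternateId":"cio@corp.example"},"target":[{"alternateId":"veteran.admin@corp.example"}]}
"""

def review(lines, center=BREACH_DATE, window=WINDOW):
    """Return (findings, accounts both created and granted admin in the window)."""
    findings, created, granted = [], set(), set()
    for line in filter(str.strip, lines):
        ev = json.loads(line)
        when = datetime.strptime(ev["published"], "%Y-%m-%dT%H:%M:%S.%fZ")
        when = when.replace(tzinfo=timezone.utc)
        etype = ev.get("eventType")
        if etype not in WATCHED or abs(when - center) > window:
            continue  # unrelated event type, or outside the review window
        targets = {t["alternateId"] for t in ev.get("target") or []}
        if etype == "user.lifecycle.create":
            created |= targets
        elif etype == "user.account.privilege.grant":
            granted |= targets
        actor = ev.get("actor", {}).get("alternateId", "unknown")
        findings.append((when.isoformat(), WATCHED[etype], actor, sorted(targets)))
    return sorted(findings), created & granted

if __name__ == "__main__":
    events, new_admins = review(SAMPLE_LOG.splitlines())
    for item in events:
        print(*item, sep=" | ")
    print("created and made admin inside the window:", sorted(new_admins))
```

Accounts in the second return value were both created and given admin rights inside the window, so they are the first ones to verify with their owners before rotating credentials.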