Is Lapsus$ Run By A Teenager Living With His Mom In The UK?

Here’s a plot twist in the whole Lapsus$ saga. Bloomberg is reporting that a Teen is suspected by Cyber researchers of being Lapsus$ mastermind. Cybersecurity researchers investigating the hacking group, on behalf of the companies that were attacked, said they believe the teenager, who lives at home with his mother in Oxford, England, is a mastermind. Cybesecurity expert Brian Krebs has posted a story that speaks to this as well, along with further details about the Lapsus$ group.

Based on this, I have a fair amount of commentary from a variety of experts. The first being Lucas Budman, CEO of TruU:

This is yet another example of bad actors continuing to exploit the vulnerabilities of the password.  As an industry we need to decide do we want to continue to try to “plug the proverbial hole in damn” by resetting passwords and/or adding 2FA (which is effectively a single factor at this point as the password is likely compromised already) in response to these events.  Or, are we ready to “use a new damn” and move on to passwordless MFA.

Peter Stelzhammer, Co-Founder of AV-Comparatives is next with this commentary:

“Hackers are no longer pupils, just doing it for fun. While pupils are eager to learn the ways of hacking, what must be understood is that if taken out of hand, it becomes online, organized crime. While hackers are sometimes hired as someone to do their job of their own accord, usually, it is always for the money.”

“Often it starts with social engineering and ends with a successful breach. Cybercriminals are most of the time well educated and geniuses in their field. The money made in cybercrime is much more than in the global drug market.”

Finally, we have Darren Williams, Founder and CEO, BlackFog with his perspective:

“So far this month we’ve seen Lapsus$ claim attacks on Okta, Samsung, Vodafone and Microsoft to name a few, so you’d easily be forgiven thinking there is a gang of cybercriminal masterminds behind these attacks. The ‘gang’ or potentially the teenager working from his mother’s house, made their mark in the ransomware world with the attack on Portuguese media conglomerate Impresa. Lapsus$ demonstrated a sense of humor following the incident when they tweeted that “Lapsus$ is the new president of Portugal”. Whether a criminal gang or a teenager from Oxford it’s clear that the ‘organization’ has the ability to infiltrate some of the world’s largest organizations at a speed that makes these attacks impossible to prevent using traditional perimeter defence tools. More than 84% of all attacks involve data exfiltration, exposing data on the Dark Web and/or public web sites. By refocusing security efforts on anti-data exfiltration, organizations are able to mitigate extortion attempts, regulatory fines, reports and ultimately the loss of trust in the business.”

Regardless who runs this hacking group, the main thing that you have to know is that they are dangerous because they are extremely effective. You need to take action in terms of strengthening your security posture so that you don’t become the next victim of Lapsus$.

One Response to “Is Lapsus$ Run By A Teenager Living With His Mom In The UK?”

  1. […] Straight Talk About Information Technology From A Nerd Who Speaks English « Is Lapsus$ Run By A Teenager Living With His Mom In The UK? […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: