# Mitigating Controls against Lapsus$, and Lapsus$-like Attacks

To avoid triggering security alerts based on geo-location, the attackers use NordVPN exit nodes in the same region as the victim in an attempt to fly under the radar. This would commonly be Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) connections to gain direct access to the victim's systems or network. Once they have succeeded in compromising a user identity, they pivot to access internet-facing systems. In some cases, they may target a user's personal device first and deploy the Redline password stealer to obtain the corporate credentials used to log in to email services.

One of the group's bolder tactics involves paying employees of large companies to run remote access tools or hand over credentials. In other instances, the cybercriminal group has succeeded in getting help desks to reset passwords and has performed SIM swaps to bypass MFA. In the case of Okta, they targeted a third-party Technical Support Engineer who had privileged access to some Okta systems.

The Lapsus$ group has appeared to be quite skilled at reconnaissance and social engineering.
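The identity-side chain described above (help desk password reset, MFA factor reset via SIM swap, then a login from a VPN exit node the user has never used) is detectable when the individual events are correlated per user instead of alerted on one at a time. The following is an added example, not code from the original post: a small correlator that reads identity-provider audit events in a constructed, generic log format (the field names, user names, IPs and ASNs are all made up for the example), and raises an alert only when a reset initiated by someone other than the account owner is followed within a time window by an MFA factor change and a successful login from an ASN outside the user's history.

```python
"""Correlate identity audit events into a single 'help desk reset -> MFA reset ->
login from unfamiliar network' signal. All sample data below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit lines: "<timestamp> <actor> <action> <target-user> key=value ...".
# A real IdP (Okta, Azure AD, etc.) exports richer JSON, but the fields used
# here (who acted, what happened, to whom, from where) exist in all of them.
SAMPLE_LOG = """\
2022-03-20T09:02:11Z helpdesk.agent password.reset alice.w reason=ticket-4411
2022-03-20T09:05:40Z alice.w mfa.factor.reset alice.w factor=sms
2022-03-20T09:09:03Z alice.w login.success alice.w ip=198.51.100.23 asn=AS64500 mfa=sms
2022-03-20T10:15:00Z bob.k login.success bob.k ip=203.0.113.7 asn=AS64501 mfa=push
2022-03-20T11:00:00Z helpdesk.agent password.reset carol.m reason=ticket-4420
2022-03-21T08:30:00Z carol.m login.success carol.m ip=203.0.113.9 asn=AS64501 mfa=push
"""

# Constructed baseline: ASNs each user has authenticated from historically.
# In production this would be built from 30-90 days of prior login events.
KNOWN_ASNS = {
    "alice.w": {"AS64501"},
    "bob.k": {"AS64501"},
    "carol.m": {"AS64501"},
}

# How long after an externally initiated reset we treat follow-on events as related.
WINDOW = timedelta(hours=2)


def parse_log(text):
    """Turn the constructed log lines into event dicts with parsed timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, action, target, *rest = line.split()
        detail = dict(kv.split("=", 1) for kv in rest)
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "actor": actor,
            "action": action,
            "target": target,
            **detail,
        })
    return events


def find_takeover_chains(events, known_asns, window=WINDOW):
    """Return one alert per user for each reset chain matching the Lapsus$-style pattern.

    A chain is: password.reset performed by someone other than the target user,
    followed within `window` by (a) an MFA factor reset and (b) a successful login
    from an ASN not in that user's historical baseline.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["target"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        # Self-service resets are normal; only resets done *to* the user by another
        # identity (help desk, admin) open a window of suspicion.
        external_resets = [
            e for e in evs if e["action"] == "password.reset" and e["actor"] != user
        ]
        for reset in external_resets:
            chain = [e for e in evs if reset["ts"] <= e["ts"] <= reset["ts"] + window]
            mfa_changed = any(e["action"] == "mfa.factor.reset" for e in chain)
            unfamiliar_logins = [
                e for e in chain
                if e["action"] == "login.success"
                and e.get("asn") not in known_asns.get(user, set())
            ]
            if mfa_changed and unfamiliar_logins:
                first = unfamiliar_logins[0]
                alerts.append({
                    "user": user,
                    "reset_at": reset["ts"].isoformat(),
                    "reset_by": reset["actor"],
                    "login_ip": first["ip"],
                    "login_asn": first["asn"],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_chains(parse_log(SAMPLE_LOG), KNOWN_ASNS):
        print(alert)
```

On the constructed data only `alice.w` is flagged: `carol.m` also had a help desk reset, but no MFA change followed and her next login was a day later from her usual ASN. In practice each leg of the chain (external reset, factor change, unfamiliar ASN) is worth a lower-severity signal on its own, and the ASN baseline is the piece that catches the "VPN exit node in the same region" trick, since geo-location alone will look normal.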