A review of a global cyber attack that ensnared multiple government agencies and other organizations found weak identity management technology continues to leave data and networks at risk, with a top federal cyber official underscoring the need to adopt phishing-resistant multifactor authentication.
The Cyber Safety Review Board’s report on the Lapsus$ group attacks, released last week, found a “collective failure” to account for the risks associated with using short message service (SMS) and voice calls...
A review of a global cyber attack that ensnared multiple government agencies and other organizations found weak identity management technology continues to leave data and networks at risk, with a top federal cyber official underscoring the need to adopt phishing-resistant multifactor authentication.
The Cyber Safety Review Board’s report on the Lapsus$ group attacks, released last week, found a “collective failure” to account for the risks associated with using short message service (SMS) and voice calls for multifactor authentication codes. The group was able to pull off its intrusions in late 2021 through 2022 by using widely available Subscriber Identity Module (SIM) swapping attacks to intercept MFA codes.
“Despite these factors, adopting more advanced MFA capabilities remains a challenge for many organizations and individual consumers due to workflow and usability issues,” the report states.
Meanwhile, the report also found the group was able to gain entry into networks using stolen login credentials that anyone can buy online.
The organizations that used “mature, defense-in depth controls were most resilient to these threat actor groups,” the report found.
“Organizations that used application or token-b ..
Support the originator by clicking the read the rest link below.
