What You Need to Know About the LAPSUS$ Software Supply Chain Attacks

Join the ThreatLabz research team and our product experts on Tuesday, 3/29/22 at 9:30am PT for an analysis of the LAPSUS$ Okta attack and strategies for assessing and reducing the impact to your organization.


The extortion threat group LAPSUS$ arrived on threat researchers' radar back in December 2021, with a burst of erratic attacks that represent a notable departure from the business-like operations of ransomware gangs. 


This brazen group uses smash-and-grab methods to extort organizations, with techniques that include island-hopping supply chain attacks, phone-based vishing scams, targeting personal email accounts, buying compromised credentials, and even paying employees or business partners to gain access to permissioned accounts. At first, LAPSUS$ threat activity was focused on companies in South America, but it has since expanded to high-profile attacks on some of the world’s largest tech companies, including LG, Microsoft, NVIDIA, Okta, Samsung, Ubisoft, and Vodafone.


The latest data leaks from LAPSUS$, including partial source code from Microsoft and data of up to 366 Okta customers, have launched this group into the media spotlight and captured the attention of the cybersecurity industry. The Okta breach could be categorized as a software supply chain attack that used a compromised user account from a third-party service contractor to access sensitive systems and clients. Also known as “island hopping,” this technique requires only a single account as an entry point to exploit an integrated ecosystem of connected organizations. 


Following these events, security leaders should work through how a similar attack would impact their own organization and use that assessment to develop an effective defense strategy. This mentality of preparing for the worst lends itself naturally to deploying a zero trust strategy. The rest of this article is focused ..
