Welcome to Cyber Insights. This month we share two security breaches carried out by ‘The Lapsus$ Gang’, a scam relating to Emergency Data Requests (EDRs), and tips on what to do if you find a USB stick in a public place.
LATEST SCAM
In the United States, law enforcement agencies must obtain a court-ordered warrant or subpoena before requesting user data from a tech company. However, law enforcement agencies can bypass this process in extreme scenarios by issuing an Emergency Data Request (EDR). Since the request is urgent, tech companies must act quickly and trust the agency that issued the request. Unfortunately, cybercriminals have begun hijacking law enforcement email systems to send fake EDR emails and gather sensitive user data.
Recent news has revealed that in 2021, Apple, Meta, and other tech companies responded to fake EDRs and provided user data to cybercriminals. This data included users’ addresses, phone numbers, and IP addresses. Now that this data breach is making headlines, we expect cybercriminals to use EDR-related data leaks as a topic in phishing attacks and social media disinformation campaigns.
Here are some tips to stay safe:
- Be cautious of emails or phone calls that claim you or your organisation have been affected by these data leaks. Typically, this sort of information is communicated through regular mail.
- Watch out for sensational or shocking headlines about Apple, Meta, or other tech companies that have experienced EDR-related data leaks. These headlines could lead to articles that contain disinformation, or false information designed to mislead you intentionally.
- Protect yourself from potential data breaches by regularly updating your passwords, using multi-factor authentication, and limiting the amount of information you share with social media platforms.
LATEST BREACH
Exploit: Unauthorised Access
Microsoft: Software Company
Risk to Business: Severe

The Lapsus$ gang has released 37GB of source code that they snatched in a brazen hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account. The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident.
Exploit: Credential Compromise
Okta: Identity and Access Management Solutions
Risk to Business: Extreme

Lapsus$ also pulled off another high-profile attack, this time against access management company Okta. On March 22, Lapsus$ announced that it had breached Okta’s security in January. Supporting the claim, the group published screenshots related to Okta’s internal apps and systems. This one had a bit of a bumpy acknowledgment process by Okta, who originally said no customer data was accessed but later clarified, saying “a small percentage of customers – approximately 2.5% – have potentially been impacted and (their) data may have been viewed or acted upon.” A third-party service provider’s previous breach likely also played a part in the incident. No specifics on the data were given. As we stated above, Lapsus$ is typically involved in ransomware operations, but no details of any ransomware activity have been reported.
CYBERSECURITY TIPS
Have you ever found a USB stick/thumb drive, or a CD, on the ground or in a parking lot? While you may be tempted by curiosity to see what data is on there, or perhaps to identify the owner, do not insert any of these found objects into your computer. This is a common tactic used by bad guys to infiltrate your network, steal information and gain unauthorised access. Code can be executed simply by inserting these devices into your computer. By the time you can see what files are on it, the damage may have already been done. Your company should have a policy on how to handle such a situation. If it does, please be sure to follow the guidelines as listed in that policy. If you are not sure, or if your company does not have a policy, ask your IT department what you should do in this situation. The average cost of a cyber attack such as this one on a small company is $200,000. The cost to a large public corporation can exceed $6,000,000 per day of downtime. Remember to always refer to your company policies or consult your IT department on how to handle these situations.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here