The string of recent data breaches at major technology companies like Microsoft, Nvidia and Samsung by the Lapsus$ hacking group is an important reminder that all businesses need to have in place strong social engineering defenses that extend throughout the entire organization.
Although several alleged members of Lapsus$ have now been arrested, and the group may no longer pose the threat it once did, the innovative social engineering tactics it utilized are likely to be repeated by other criminal hacking groups.
These tactics may catch many companies off guard, particularly if they are too focused on conventional tactics like email phishing. Robust monitoring and defense solutions are needed to protect corporate assets against a diverse range of tactics, from insider recruitment to the targeting of help desks and support teams, phone-based social engineering attacks, personal email compromises, SIM jacking, pass-the-cookie session hijacking and more. Groups like Lapsus$ begin with a compromised employee or contractor account and then use this initial access point to escalate privileges inside the targeted organization.
“Social engineering tactics are constantly evolving, and businesses need to be prepared for a wide range of attacks that can exploit a large, and often far-flung, employee and contractor base, with tactics that are increasingly aiming for below-the-radar targets such as personal email accounts, cell phones and digital communications platforms like Slack,” said Chris Lehman, CEO of SafeGuard Cyber. “The recent attacks by the Lapsus$ hacking group demonstrate that even the biggest companies in the world can fall victim to social engineering efforts, especially when they target employees and platforms that are of a lower priority for large corporate security programs.”
As the world’s leading provider of security and compliance solutions for today’s communications-based threats, SafeGuard Cyber is issuing important safety advice on what steps companies can take to better defend against these evolving social engineering threats. It is particularly important for organizations to protect their digital communications platforms, as attackers may use these channels to escalate privileges inside the company once they have gained access through an employee’s account.
Here are several steps businesses can take to prevent this type of privilege escalation:
- Segment communication channels like Slack. This will allow companies to isolate certain types of employees and limit employee access. For example, segment your Slack channels between your main corporate environment and subcontractors where possible.
- Restrict employees from sharing sensitive information, like email addresses, passwords and unencrypted data/files in communications platforms.
- Establish security awareness training for employees. Educate them on the potential risks of using Slack and other messaging applications, what social engineering methods attackers use, etc.
- Have a monitoring solution to detect and respond to new/emerging threats and detect employee violations, like sharing credentials or other sensitive information.
- Utilize Natural Language Understanding to understand the context and intent of human-to-human communication across multiple communication channels.
For more detailed advice and explanations about this threat, read SafeGuard Cyber’s analysis, “Lapsus$ Playbook in the Open, and Companies Are Not Ready,” by Director of Intelligence Storm Swendsboe and CRO Mike Campfield.
SafeGuard Cyber’s security and compliance solutions enable organizations to manage risks across a wide range of digital communications. The company’s platform allows enterprises to:
- Manage day-to-day business communication risk extending beyond email and into enterprise communication applications like Slack, Zoom, Microsoft Teams, LinkedIn, and WhatsApp.
- Secure the organization by protecting the human and detecting and responding to patterns, context, and intent of communications that indicate advanced social engineering and targeted communication-based attacks, including business compromise earlier in the kill chain.
SafeGuard Cyber has been recognized by several industry groups and publications and was named one of Cybercrime Magazine’s “10 Hot Cybersecurity Channels to Watch in 2021.” The company also received eight Cybersecurity Excellence awards for 2022 and the “SaaS Security Solution of the Year” award in 2021.