Experts say companies will need a proactive approach

‘Lapsus$’, the cyber hacking group based in South America with a strong social media presence on Telegram, is making headlines after a string of high profile attacks. The notorious group’s victim l includes Okta, NVIDIA, Samsung, and even Microsoft. But what makes Lapsus$ noteworthy is their exclusive focus on data theft, extraction and then extortion.
“It is not a matter of if, but when you will be hacked,” Saket Modi, co-founder and CEO at Safe Security told . He wants people and tech corporations to understand that Lapsus$ is not just any other hacking group.
“While the investments in cybersecurity are also increasing, but today’s approach of managing cyber risks in siloes through reactive models is no longer enough,” Modi added. Siloes refers to the process of isolating a point in a system, where data is kept segregated from other parts of the system. He wants companies to evolve from present approaches of cyber risk management to one that is proactive and predictive.

“India is a global leader in technology adoption today and needs to adopt a robust cybersecurity incident reporting and risk management framework, irrespective of concerns with Lapsus$. Much like the US which is moving gears in adopting better cybersecurity practices, India too needs to strengthen its national cybersecurity policies and practices,” he stressed.
In the case of the Lapsus$ attacks, the hackers are believed to have used varied sophicated social engineering techniques to exploit organisations. For instance, in the case of Okta, the hacker group was able to get access to the account of an employee of a third-party Okta subprocessor Sykes.
“Third-party risk management is a big challenge today, and cybercriminal gangs will keep exploiting such loopholes if we do not change our approach to cyber risk management,” Modi said.
Prasad T, senior security architect at Verse Innovation notes that the notorious group has offered money to the employees at Verizon and AT&T as much as $20,000 per week so that the users will identify defects to support the criminal operation and conduct “inside jobs.”
In nearly all these cases, Lapsus$ got into the corporations’ networks and stole data and the pieces of source code. After that, the gang leaked the data and the code all over the internet via Telegram, in an attempt to reveal the company’s secrets.
 “Most of their attacks have been against South/North American companies. But it is possible for them to look for giant companies anywhere including in India. They have been targeting companies and not individuals as they get more attention with the corporate companies,” Prasad added.
Further, the group is not motivated money alone. According to Prasad, Lapsus$ appears to be driven “fame more than money as they have been leaking much of their leaked data.”

Modi also highlighted the Nvidia hack, “where the group asked the company to make its graphic cards more efficient for mining cryptocurrency during its extortion demand,” as another example of this fame-seeking behaviour.
The hackers demanded that Nvidia remove its lite hash rate (LHR) feature. For the uninitiated, LHR was introduced the company to limit Ethereum mining capabilities, particularly in the Nvidia RTX 30 series GPU. This was done after the crypto mining community depleted the GPU stocks in 2021. The group is also demanding Nvidia to open source its GPU drivers for macOS, Windows, and Linux devices.