On Tuesday, we discussed the importance of protecting your proprietary source code. A group called Lapsus$ recently attacked Samsung and Nvidia's source codes. It seems they've struck again, this time against Microsoft's.
Microsoft published a summary of the incident on their security blog on March 22nd. Casting off Lapsus$'s own moniker and dubbing them DEV-0537 instead, Microsoft details the tactics the group uses to breach companies' security systems:
Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks... Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets.
Let's examine these tactics in detail and discuss what firms and individuals can do to mitigate them.
Personal Information
SIM Swapping occurs when a hacker moves a person's phone account information and security credentials to another phone that the hackers control. Naturally, this gives the criminal access to any accounts linked to that phone. Alternatively, they can use the stolen information associated with that phone to set up new accounts with new merchants. In order to do this, a hacker must convince a phone's service provider that they're, in fact, the original customer. Once that's done, they lie to the carrier, saying the original phone's SIM card has been lost or stolen, before requesting to swap to a new phone.
Accessing employee email accounts can be accomplished with phishing schemes and other established hacking tactics. If the criminals are organized enough they can also resort to bribery and extortion to obtain an employee's security credentials, which they can then use to circumvent two-factor authentication systems and other forms of cybersecurity.
All of these tactics require the criminal to first obtain or subvert a person's information in order to gain access to secured accounts. In DEV-0537's case, the tactics used are varied, broad and destructive. This is not some lone hacker in his basement trying to scrape cash from hapless individual victims. They're a large, organized group of criminals targeting large corporations with established security infrastructure. Firms who want to protect themselves need to be as informed as possible about their tactics if they wish to avoid losses.
What is to be Done?
Microsoft's blog gives some strategies firms should employ against Lapsus$. The first recommendation is strong multi-factor authentication (MFA) techniques, namely ones that don't rely on text messages and phone calls, both of which can expose people to SIM swapping. Additionally, they recommend expanding MFA to all internet facing systems, even those in main offices.
Next, they recommend limiting the number of trusted end points within the organization. End points are devices that communicate with a firm's network. By limiting the number of trusted endpoints, you reduce the opportunities for hacking mischief.
Thirdly, they recommend a variety of advanced security protocols for protecting VPNs and cloud-based storage systems. These include methods like OAuth, SAML, and Azure AD Password Protection.
Finally, as we've pointed out before, they recommend educating relevant staff on the tactics DEV-0537 uses to steal information. Keeping your employees up to date on contemporary security threats will reduce the likelihood that someone will be fooled into giving out their information.
Are you worried about cyber crime? Not sure where to begin? Give Titan Tech a shout out today to learn how they can improve your cybersecurity posture.
And join us next week for more tech news.