Categories
Mobile Syrup

New Lapsus$ data breach compromises 70GB of Globant’s client data

Lapsus$, the anonymous hacker group responsible for the recent Nvidia, Microsoft and Samsung data leaks, has struck again, this time breaching Globant, an international software development firm with big clients from around the world, as first reported by The Verge.

In information about the breach initially shared in a Telegram group, the anonymous hacker gang claims it got access to 70GB of important data, with a screenshot showing folders with leaked information from big names like BNP Paribas Cardif, cable network C-SPAN, DHL, Facebook and a folder named ‘Apple Health App.’

The Apple folder, as reported by The Verge, doesn’t contain direct Apple data; rather, it has information about Globant’s BeHealthy app, which was developed in partnership with Apple and tracks data through the Apple Watch.

Globant has since acknowledged the data breach. “We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access. We have activated our security protocols and are conducting an exhaustive investigation,” reads Globant’s official update about the issue. “According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.”

Since then, Lapsus$ has shared a torrent download link in the Telegram group chat, with the 70GB of data available for group members to download for free.

The latest data breach comes less than a week after U.K. police arrested seven people with direct affiliation to the anonymous hacker group.

Image credit: Shutterstock

Via: The Verge

Microsoft confirms hackers stole partial source code for Bing, Cortana

Microsoft confirmed that hacking group ‘Lapsus$’ compromised a “single account” and accessed partial source code for Bing and Cortana.

The company confirmed the breach in a blog post and detailed what Lapsus$ — or ‘DEV-0537’ as Microsoft calls the group — got from the breach. According to Microsoft, no customer code or data was involved. The company says that Lapsus$ only compromised one account, and Microsoft’s security teams responded quickly to remediate the account and prevent further activity.

Moreover, Microsoft said that it doesn’t rely on the secrecy of source code as a security tool. In other words, Microsoft assumes attackers will access source code, and so relies on other tools to protect itself. The company made a similar remark following the massive SolarWinds breach in 2020.

Lapsus$ claimed it got access to around 45 percent of the code for Bing and Cortana, as well as some 90 percent of code for Bing Maps.

The Verge notes that the Lapsus$ group claimed to be behind several recent security attacks and said it stole data from Okta, Samsung, Ubisoft, and Nvidia. While some of the companies have admitted data was stolen, Okta refuted the group’s claims and said its service hadn’t been breached.

Microsoft wrapped up its blog post by outlining steps organizations can take to improve security, especially in regard to Lapsus$. The company described the Lapsus$ attack pattern as gaining “access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion.”

With that in mind, Microsoft suggests organizations require employees to use multi-factor authentication, or MFA (also called two-factor authentication, or 2FA). MFA involves using multiple methods of authenticating users, such as passwords combined with a one-time passcode (OTP) sent via email, SMS, or through an authentication app. Of the three, Microsoft recommends using a dedicated authentication app to avoid vulnerabilities with email or SMS OTP codes, such as SIM swap attacks commonly used to intercept these codes.

Source: Microsoft Via: The Verge