LAPSUS$ exposes cyber gaps in the most mature organisations

The LAPSUS$ group, widely reported to consist of teenagers, exploded onto the cyber scene late last year and has become one of the most talked-about and notorious online extortion groups after successfully breaching major companies like Microsoft, Samsung, Ubisoft and Okta.
A deep investigation into the operations of the LAPSUS$ group by Tenable’s Senior Research Engineer Claire Tills reveals that the group’s tactics, while brazen, illogical and unsophisticated, were still successful in disrupting major international technology companies.
The LAPSUS$ group represents a growing breed of extortion-only cybercriminals, focusing exclusively on data theft and extortion by gaining access to victims through tried-and-true methods like phishing, and stealing the most sensitive data it can find without deploying data-encrypting malware. The group came into the limelight when it launched an attack against Nvidia in late February, making its debut on the global stage through attacks on major technology companies.
LAPSUS$ announces victims through Telegram. Compared with the polished, standardized sites of ransomware groups (such as AvosLocker, LockBit 2.0 and Conti), these practices come off as disorganized and immature. The group’s early attacks featured distributed denial of service (DDoS) and website vandalism.
Claire Tills, Senior Research Engineer, Tenable, said, “Just like ransomware, extortion attacks aren’t going anywhere until they are made too complicated or costly to conduct. Organizations should evaluate what defenses they have in place against the tactics used, how they can be hardened and whether their response playbooks effectively account for these incidents. While it may feel easy to downplay the threat groups like LAPSUS$, their disruption of major international technology companies reminds us that even unsophisticated tactics can have a serious impact.”