Recently, the US Department of Homeland Security’s Cyber Security Council published a report on Lapsus$’s successful tactics that often involve exploiting system weaknesses and social engineering. Techniques used by the group include a unique approach to bypassing multi-factor authentication, which involves sending calls to people who “disturb” people while they sleep, and gaining access to MFA registration portals.
Despite its lack of technical sophistication, Lapsus$ managed to break into many objects and steal confidential data, forcing cybersecurity experts to come up with new countermeasures. The report’s recommendations include implementing passwordless authentication systems and tightening phone number portability rules to prevent practices like SIM fraud.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
