fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Confirms they were Hacked by Lapsus$ Extortion Group

Microsoft Confirms they were Hacked by Lapsus$ Extortion Group

Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code.

Last night, the Lapsus$ gang released 37GB of source code stolen from Microsoft’s Azure DevOps server. The source code is for various internal Microsoft projects, including for Bing, Cortana, and Bing Maps.

Leaked source code projects
Leaked source code projects

In a new blog post published tonight, Microsoft has confirmed that one of their employee’s accounts was compromised by Lapsus$, providing limited access to source code repositories.

Also Read: Revised Technology Risk Management Guidelines of Singapore

“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” explained Microsoft in an advisory about the Lapsus$ threat actors.

“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog.”

“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

While Microsoft has not shared how the account was compromised, they provided a general overview of the Lapsus gang’s tactics, techniques, and procedures (TTPs) observed across multiple attacks.

Focusing on compromised credentials

Microsoft is tracking the Lapsus$ data extortion group as ‘DEV-0537’ and says they primarily focus on obtaining compromised credentials for initial access to corporate networks.

Also Read: New Licensing Requirements For Cyber-Security Service Providers in 2022

These credentials are obtained using the following methods:

  • Deploying the malicious Redline password stealer to obtain passwords and session tokens
  • Purchasing credentials and session tokens on criminal underground forums
  • Paying employees at targeted organizations (or suppliers/business partners) for access to credentials and multi-factor authentication (MFA) approval
  • Searching public code repositories for exposed credentials

Redline password stealer has become the malware of choice for stealing credentials and is commonly distributed through phishing emails, watering holes, warez sites, and YouTube videos.

Once Laspsus$ gains access to compromised credentials, they use it to log in to a company’s public-facing devices and systems, including VPNs, Virtual Desktop infrastructure, or identity management services, such as Okta, which they breached in January.

Microsoft says they use session replay attacks for accounts that utilize MFA, or continuously trigger MFA notifications until the user becomes tired of them and confirms that the user should be allowed to log in.

Microsoft says that in at least one attack, Lapsus$ performed a SIM swap attack to gain control of the user’s phone numbers and SMS texts to gain access to MFA codes needed to log in to an account.

Once they gain access to a network, the threat actors use AD Explorer to find accounts with higher privileges and then target development and collaboration platforms, such as SharePoint, Confluence, JIRA, Slack, and Microsoft Teams, where other credentials are stolen. 

The hacking group also uses these credentials to gain access to source code repositories on GitLab, GitHub, and Azure DevOps, as we saw with the attack on Microsoft.

“DEV-0537 is also known to exploit vulnerabilities in Confluence, JIRA, and GitLab for privilege escalation,” Microsoft explains in their report.

“The group compromised the servers running these applications to get the credentials of a privileged account or run in the context of the said account and dump credentials from there.”

The threat actors will then harvest valuable data and exfiltrate it over NordVPN connections to hide their locations while performing destructive attacks on the victims’ infrastructure to trigger incident response procedures. 

The threat actors then monitor these procedures through the victim’s Slack or Microsoft Teams channels.

Protecting against Lapsus$

Microsoft recommends that corporate entities perform the following steps to protect against threat actors like Lapsus$:

  • Strengthen MFA implementation
  • Require Healthy and Trusted Endpoints
  • Leverage modern authentication options for VPNs
  • Strengthen and monitor your cloud security posture
  • Improve awareness of social engineering attacks
  • Establish operational security processes in response to DEV-0537 intrusions

Lapsus$ has recently conducted numerous attacks against the enterprise, including those against NVIDIASamsungVodafoneUbisoftMercado Libre, and now Microsoft.

Therefore, it is strongly advised that security and network admins become familiar with the tactics used by this group by reading Microsoft’s report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us