By Emma Roth, a news writer who covers the streaming wars, consumer tech, crypto, social media, and much more. Previously, she was a writer and editor at MUO.
The US Cybersecurity and Infrastructure Security Agency (CISA) is calling for stricter SIM swapping protections and the transition to a passwordless future following last year’s Lapsus$ attacks. In a lengthy report released on Thursday, the agency details the teen hacking group’s key techniques and provides recommendations to prevent similar attacks going forward.
Lapsus$ made headlines last year after it took credit for the cyberattacks affecting major tech companies like Nvidia, Samsung, Ubisoft, T-Mobile, Uber, and Microsoft. The group also managed to steal and leak 90 videos containing gameplay footage from Rockstar’s upcoming Grand Theft Auto VI game. Seven teenagers connected to the group were arrested in London last year.
CISA also asks that the Federal Trade Commission and Federal Communications Commission do more to protect consumers against SIM swapping attacks. Last month, the FCC proposed a new set of rules that would require wireless providers to “adopt secure methods of authenticating a customer” when performing SIM swaps.
“Lapsus$ was unique for its effectiveness, speed, creativity, and boldness; it operated in a way that gifted the Board a propitious lens through which we could see systemic issues in the digital ecosystem,” CISA writes. “Lapsus$ exploited, to great and wide effect, a playbook of effective techniques, which other threat actors can also use.”
Despite the scale of the Lapsus$ attacks, CISA says the group makes it clear “just how easy it was for its members (juveniles, in some instances) to infiltrate well-defended organizations.” One
Read more on theverge.com