Lapsus$ Crime Spree Continues | Second Biggest Crypto Hack Ever| UK Cyber Security Breaches Survey
Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group
Lapsus$ Crime Spree Continues
First, let’s check in with what has been one of the biggest stories in the cyber world over the last two months. The Lapsus$ cybercrime group has shot to prominence over recent weeks following a series of high-profile attacks against companies such as Nvidia, Samsung, Ubisoft, Okta, and Microsoft which has resulted in data exfiltration, extortion, and leakage.
Though UK law enforcement has arrested seven people in connection to the Lapsus$ group, it seems to have done nothing in terms of affecting the group’s ability to conduct cyber-attacks. Last week, the group carried out a fresh attack against the software company Globant. This attack drags many of their prominent customers into the mix too, such as Meta, Alphabet, and Apple.
This attack has reportedly resulted in up to 70GB of customer data being leaked. This data includes credentials used by Globant administrators to access different development platforms. The data also appears to include source code relating to multiple Globant customers.
Globant confirmed the breach on March 30th saying:
“We have recently detected that a limited section of our company’s code repository has been subject to unauthorised access. We have activated our security protocols and are conducting an exhaustive investigation.”
“According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected. We are taking strict measures to prevent further incidents.”
Source - Lapsus Group Breaches - ZD Net
Source - Lapsus Group Breaches - IT Pro
Second Biggest Crypto Hack Ever
Hackers have stolen cryptocurrency worth over $600 million from a digital ledger that is used by players of the online game Axie Infinity. Roinin Network has said that the attack targeting its blockchain netted 173,600 Ethereum and $25.5 million worth of Stablecoin – a digital asset which is pegged to the US dollar.
The total haul of the attack was valued at $545 million when it was stolen on March 23rd. However, it was worth roughly $615 million based on prices on Tuesday, March 29th. This makes it one of the largest ever thefts in the crypto world. In an email, Tom Robinson, chief scientist at blockchain analytics firm Elliptic, pointed out the heist was the second-biggest hack ever, based on the value of the cryptocurrency at the time of the attack.
In the blog post on March 29th, Ronin said it has reached out to security teams at major exchanges and blockchain analytics firm Chainalysis for help and has temporarily halted transactions on its network “to ensure no further” attack vectors remain open for the hacker to exploit any cybersecurity vulnerabilities.
Source - Second Biggest Crypto Hack - Forbes
UK Cyber Security Breaches Survey
At the end of last week, the UK government released their annual Cyber Security Breaches Survey report for 2022. There are a plethora of statistics included in this report which are worth reviewing:
- Around a third (31%) of businesses experience cyber-attacks or breaches at least once a week.
- Over a quarter (26%) of charities also reported being hit by attacks at least once a week.
- Of the 39% of businesses that identified attacks, by far the most common threat vector was phishing (83%). Around one in five (21%) of these firms identified more sophisticated attack types like denial of service, malware, or ransomware.
- The average estimated cost of all cyber-attacks was £4200 in the past 12 months. However, for medium and large firms, this cost surged to £19,400.
- Encouragingly, the report revealed that UK organizations are placing increased attention on the security of supply chains and digital services following numerous high-profile incidents in the past year. For example, 82% of senior managers now view cyber security as a ‘very high’ or ‘fairly high’ priority.
Responding to these figures, the UK Government has also published guidance called ’10 Steps to Cyber Security’ which breaks down the task of protecting an organisation into ten key components. The report found that 49% of businesses and 40% of charities have acted in at least five of the ten areas in the government guidance.
Source - 10 Steps to Cyber Security - NCSC