"Cyber Safety Review Board Turns Its Sights on Lapsus$ Extortion Group in Latest Review"
According to officials at the Department of Homeland Security (DHS), the Cyber Safety Review Board (CSRB), a federal board tasked with studying major hacks and their consequences, will focus its next review on the Lapsus$ criminal extortion group. The federal board, led by DHS and comprised of top federal cybersecurity officials and private sector experts, will investigate the group's tactics for breaking into the networks of some of the world's largest organizations, and will develop "actionable recommendations" to protect organizations, customers, and employees. The first report from the board focused on the Log4j vulnerability. In this next case, they will focus on a highly successful group of hackers who have gained access to high-level accounts at major corporations through various phishing and vishing schemes. Secretary of Homeland Security Alejandro Mayorkas said the review would focus on helping the public defend against innovative social engineering tactics and support the role of international partnerships in combating cybercriminals as cyber threats evolve. The decision to focus on Lapsus$ is the latest effort by the US and its international allies to increase pressure on the hacking and extortion group following a string of successful and high-profile breaches over the past year. Seven alleged members of the group, all between the ages of 16 and 21, were arrested in London in March, while the FBI issued a public alert the same month seeking tips on the group and its members. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other federal agencies already routinely collaborate on public advisories and alerts focusing on specific hacking groups, the tactics they employ, and how to defend against their attacks. Board members stated that a Lapsus$ review by the CSRB would be different from those developments due to the board's unique public-private composition and its ability to obtain cooperation from victim companies in order to obtain insights. This article continues to discuss the Lapsus$ criminal extortion group being the focus of the CSRB's latest review.