Skip to main content
close search
site logo

Cyber Safety Review Board to probe Lapsus$ ransomware spree

Following an inaugural review of Log4j, the board will investigate the threat actor’s prolific campaign of cyber extortion against major companies, including Uber, T-Mobile and Nvidia.

Published Dec. 2, 2022
David Jones's headshot
Reporter
A man in a suit stands behind a chair while holding its back.
Homeland Security Secretary Alejandro Mayorkas prepares to testify before the House Homeland Security Committee in the Cannon House Office Building on Capitol Hill on November 15, 2022 in Washington, DC. Chip Somodevilla via Getty Images

The Cyber Safety Review Board is set to examine the Lapsus$ ransomware gang, the U.S. Department of Homeland Security announced Friday. A prolific group, Lapsus$ has targeted a wide range of global companies and government agencies, sometimes with ruthless digital extortion, since late 2021. 

The 15-member board, chaired by DHS Under Secretary for Policy Robert Silvers, reviewed the ransomware group’s activities over the past year and sent recommendations to President Joe Biden via Homeland Security Secretary Alejandro Mayorkas and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

Lapsus$ has heavily targeted critical infrastructure providers following an initial attack on the Brazil Ministry of Health last year. The group has been linked to a series of high-profile attacks against major companies ranging from T-Mobile to Nvidia and ride-hailing giant Uber. 

“The CSRB will review how this group has allegedly impacted some of the biggest companies in the world, in some cases with relatively unsophisticated techniques, and determine how we all can build resilience against innovative social engineering tactics and address the role of international partnerships in combating criminal cyber actors,” Mayorkas said Friday during a conference call with reporters. “As cyberthreats continue to evolve, we have to evolve the methods we use to protect ourselves against cybercriminal activity and increase our resilience against future attacks.”

In its first review, the CSRB found Log4j to be an “endemic vulnerability,” with ramifications that could extend years into the future. 

The report said attacks stemming from Log4j were at lower levels than initially feared, but highlighted the inherent risks from the widespread open source computing due to a lack of financial and labor resources. 

CSRB Deputy Chair Heather Adkins, VP of security engineering at Google, noted that many of the reported targets of Lapsus$ were considered to have very strong cybersecurity programs. These organizations had followed recommended security controls, and in some cases even advanced controls, but still felt a significant impact from the attacks. 

Several alleged members of the extortion gang have been arrested, but researchers suspect other affiliates of Lapsus$ remain unaccounted for.

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell