Technology companies have become dominant players in the market; they have allowed us to be present in meetings from anywhere and take us from one point to another with just a few clicks on our devices. So many users using these technologies should receive protection for their personal data. Unfortunately, this is not the case. We tell you about 4 cyberattacks that have occurred so far this year by the same group of cybercriminals.
4 Companies Attacked by the Same Group of Hackers Using Social Engineering: LAPSUS$
Let's define the concept of Social Engineering: In the context of digital security, it manipulates users to obtain confidential information. An example of this practice is using the “forgotten password” feature on login-enabled websites. A system that can grant a malicious attacker full access to a user's account, while the original user will lose access to the account.
Now, with a brief explanation of this type of attack, we will understand how the group calling itself LAPSUS$ successfully carried it out in 2022.
NVIDIA
A multinational company that primarily develops graphics processing units and integrated circuit technologies.
In late February, the hacker group Lapsus$ attacked the company, publishing almost 1TB of company information. Information that included employee passwords and confidential information about future products.
SAMSUNG
Samsung also suffered a cyberattack by the Lapsus$ group at the end of July. The cybercriminals made public confidential company data, source code for some apps, and security services used on Galaxy phones.
Although the attack did not include its users' social security or credit/debit card numbers, their names, dates of birth, product registration, and demographic and contact information did.
This attack led the company to hire an external cybersecurity firm to increase and strengthen its digital security.
UBER
We continue with the cyber attack allegedly caused by Lapsus$. Uber is not 100% sure, but it accuses the group of teenage hackers since their techniques are similar (social engineering). In 2022 alone, they have attacked Microsoft, Cisco, Nvidia, and Samsung.
It all happened this past September 15, when The New York Times reported that the attack was carried out through social engineering against a high-profile employee, compromising access to his communications service account, Slack.
From this access, the attacker was able to access several employee accounts, which gave him elevated permissions to several tools, such as G-Suite and Slack.
Uber continues investigating what happened, working with several leading digital forensic firms in the sector to strengthen its digital security.
ROCKSTAR GAMES
The last one on our list was also made in September by the same hacker, who uses the name “teapotuberhacker” and is 17 years old.
This cybercriminal leaked over 90 videos of the video game Grand Theft Auto VI by Rockstar Games.
This is how the year 2022 has been a year of increased cyberattacks. Through different techniques, criminals continue to affect all types of companies. This is why investing in our companies' cybersecurity has stopped being a luxury and has become a necessity.
We invite you to learn about our Cybersecurity service in Madata and receive a free consultation to determine your degree of vulnerability and learn how to strengthen yourself against any type of digital attack.
Write to us at contacto@madata.com