CSRB Report on Lapsus$ Attacks: Key Takeaways and Law Enforcement Cooperation

After engaging with nearly 40 organizations and individuals with varied expertise, the Cyber Safety Review Board (CSRB) recently released a report (Report) summarizing the findings of its review of the activities associated with a threat actor group known as Lapsus$. “The CSRB’s latest report reinforces the need for all organizations to take urgent steps to increase their cyber resilience, including the implementation of phishing-resistant multi-factor authentication,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly. With practical insights from Paul H. Luehr, a partner at Manatt, this first installment of a two-part article series discusses key takeaways from the Report, attack techniques used by the threat actors and the first of four critical areas addressed in the Report’s findings and recommendations. Part two will dive into the three remaining areas, including strengthening identity and access management, mitigating telecommunication vulnerabilities and building resilience. See “Four Steps to Secure Open-Source Software After CSRB’s Log4j Investigation” (Sep. 7, 2022).

To read the full article

Continue reading your article with a CSLR subscription.