Cybersecurity Lessons From The 2022 LAPSUS$ Breaches

2022 was an especially frustrating year for cyberattacks on companies in the tech sector. Many of these attacks were on larger companies—those with upwards of billions of dollars in revenue and thousands of employees—and many came from the same cybercrime group, LAPSUS$.

What can we learn from this series of cyberattacks? What did they have in common; how did they differ? What tactics and techniques proved effective? Most importantly, how can businesses use this information to improve cybersecurity measures for the future?

Before we answer all that, let’s dive in to a few of the more prominent LAPSUS$ breaches that shook the industry in 2022.

LAPSUS$ strikes February 2022

On February 23, 2022, rumours began to circulate that the computer hardware company NVIDIA suffered a data breach. A few days later, on the 26th, LAPSUS$ came forward to claim their role in the attack and then leaked 20 GB of company data, including intellectual property (IP) and over 70,000 hashed employee credentials.

While hashed credentials don't sound too valuable, it’s not overly difficult to use them to obtain raw passwords. A company facing this predicament would normally act quickly to reset their passwords.