Department of Homeland Security Releases Cyber Safety Review

The Department of Homeland Security recently released its latest Cyber Safety Review Report, which summarized the findings from a threat actor known as Lapsus$. Cyber security has become the leading shield against attacks on US industry, infrastructure, and military.  For example, the colonial pipeline hack in 2021 caused a gas shortage and subsequent price hike in Florida, Georgia, Alabama, Virginia, and the Carolinas.  In it’s report, the DHS explained how Lapsus$ was able to infiltrate dozens of influential organizations and individuals-including members of US law enforcement and intelligence agencies.  Infiltration usually was a result of relatively simple methods, like stealing phone numbers and phishing (spamming) employees, and was done by an organized group of teenage hackers.  The breeches were made easier by the lack of 2-factor authentication used by the victim organizations.  In the concluding sections of the report, CISA Director Jen Easterly explained how  “The CSRB’s latest report reinforces the need for all organizations to take urgent steps to increase their cyber resilience, including the implementation of phishing-resistant multi-factor authentication,”…“I look forward to working with our federal and industry partners to act on the CSRB’s recommendations, to include continuing our secure-by-design work with technology manufacturers to ensure that necessary security features are provided to customers without additional cost.”