It has been announced that the Lapsus$ hacking group has claimed another victim: U.S. telecom giant T-Mobile. T-Mobile’s latest security incident was first revealed by security journalist Brian Krebs, who obtained a week’s worth of private chat messages between the core members of Lapsus$. According to the data, Lapsus$ gained access to T-Mobile’s network by compromising employee accounts, either by buying leaked credentials or through social engineering.
This latest breach of T-Mobile is yet another example of how attackers are relying on credential theft to carry out ransomware attacks.
Today all ransomware gangs, from BlackCat to Lapsus$ to DarkSide, have been relying on compromised user accounts to gain an initial foothold on an organisation’s network and then turn off security controls, steal data and deploy ransomware. This means that to fight back against these attacks, we need to focus on improving the security of user credentials and passwords, so they can’t be stolen or socially engineered out of victims in the first place.
Of course, promoting better password hygiene is one way to reduce risk, but the strategy has limits. To prevent criminals from utilising weak passwords or phishing for passwords, one of the safest approaches is to transition your enterprise to passwordless authentication. After all, if a user doesn’t know their passwords, how can they be phished for them?