The Department of Homeland security (DHS) announced on Dec. 2 that the Cyber Safety Review Board (CSRB) will investigate the recent cyberattacks perpetrated by the Lapsus$ hacking group.
The hacking group has used techniques that enable them to bypass a range of commonly-used security controls, allowing the group to gain access to a vast number of companies’ data.
“The Cyber Safety Review Board has quickly established itself as an innovative and enduring institution in the cybersecurity ecosystem,” said DHS Secretary Alejandro Mayorkas.
“With its review into Lapsus$, the board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience,” he added.
Previously, the CRSB wrote its first-ever report on the cybersecurity issues that the Log4j software vulnerability presented to cybersecurity experts. The report was released in July 2022, offering future recommendations and praising the Cybersecurity and Infrastructure Security Agency (CISA) for its response to the vulnerability.
The investigations into Lapsus$ will be conducted by a group of both private and public cyber experts, offering various types of recommendations to prevent future cyber threats.
“Lapsus$ actors have perpetrated damaging intrusions against multiple critical infrastructure sectors, including healthcare, government facilities, and critical manufacturing,” said CISA Director Jen Easterly.
“The range of victims and diversity of tactics used demand that we understand how Lapsus$ actors executed their malicious cyber activities so we can mitigate risk to potential future victims. We applaud the CSRB for taking on this review to help advance our collective cyber defense,” she said.
Once the review is conducted, the report will be sent to President Biden. The agency did not provide a timeline for when the report would be finalized.