CISA Advises Firms to Adopt Passwordless Security in LAPSUS$ Report

 

A series of high-profile cyber attacks carried out by teenage hackers in 2021 and 2022 reveals systemic flaws in the telecommunications industry and security practices employed by a number of businesses, according to a Department of Homeland Security investigation. 

The department’s Cyber Safety Review Board, in a 59-page report released Thursday, urged the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) to strengthen their oversight and enforcement activities related to SIM swapping, and requested telecommunications providers to report such attacks to the regulators. 

The board also advised organisations to abandon widely used SMS and voice-based multi factor authentication in favour of “adopting easy-to-use, secure-by-default-passwordless solutions.” 

The report, commissioned by CISA Director Jen Easterly, focuses on a group of young hackers known as Lapsus$, who carried out a series of attacks against big technological companies such as Uber, Okta, Samsung, and others. 
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: