DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

DHS Cyber Safety Review Board to Conduct Second Review on Lapsus$

Posted on December 2, 2022 by Dissent

Press release from the U.S. Department of Homeland Security (DHS):

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks. Once concluded, the report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly. 

“The Cyber Safety Review Board has quickly established itself as an innovative and enduring institution in the cybersecurity ecosystem,” said Secretary Alejandro N. Mayorkas. “With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience.” 

The CSRB is an unprecedented public-private initiative that brings together government and industry leaders to conduct authoritative fact-finding and to issue recommendations in the wake of significant cybersecurity incidents. The CSRB’s first review focused on vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library. In July 2022, the CSRB concluded that review and published its report, which included 19 actionable recommendations for government and industry. The CSRB does not have regulatory powers and is not an enforcement authority. Its purpose is to identify relevant lessons learned to inform future improvements and better protect our communities. 

“Lapsus$ has targeted some of the most sophisticated companies on the planet,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. “In the wake of major incidents, the Cyber Safety Review Board conducts authoritative fact-finding and issues recommendations that can have immediate impact on the security of the ecosystem. As a unified effort between government and industry, we will advise on how to repel and respond to these types of cyber-enabled extortion attacks.” 

“As cyber threats continue to evolve it is imperative that all organizations recognize that they are not invincible,” said CSRB Deputy Chair Heather Adkins. “The CSRB will review the cyber activity of Lapsus$ in order to analyze their tactics and help organizations of all sizes protect themselves.”  

“Lapsus$ actors have perpetrated damaging intrusions against multiple critical infrastructure sectors, including healthcare, government facilities, and critical manufacturing,” said CISA Director Jen Easterly. “The range of victims and diversity of tactics used demand that we understand how Lapsus$ actors executed their malicious cyber activities so we can mitigate risk to potential future victims. We applaud the CSRB for taking on this review to help advance our collective cyber defense.” 

The CSRB was established as a mandate in the President’s Executive Order, Improving the Nation’s Cybersecurity, to drive a thoughtful approach to learn from cyber incidents. For more information, visit CISA.gov/CSRB. 

# # #

Related posts:

  • The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did.
  • DHS: Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response
  • Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
  • APT Groups Target Healthcare and Essential Services
Category: Of NoteUncategorized

Post navigation

← In: Hackers Selling Personal Data Of 150,000 Patients From a Tamil Nadu Hospital in Supply-Chain Attack
‘Cybersecurity incident’ hits San Diego Unified computer network →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.