Robin’s Newsletter #271

27 August 2023. Volume 6, Issue 35
Lapsus$ group pair court verdict. Ransomware dwell times are down. Cloud providers lose all their customers' data in ransomware incident.

This week

BUSTED: Two Lapsus$ group members found responsible by UK jury

Arion Kurtaj, 18, from Oxford in the UK, and a 17-year-old who cannot be named have been found to have committed cyberattacks against BT, Okta and Grand Theft Auto developer Rockstar Games.

The pair were arrested, along with five others, in March 2022 (vol. 5, iss. 13) following a chaotic spree of attacks against high-profile victims, with the group swinging between seeking notoriety, financial gain, or amusement. They used social engineering tricks to access accounts and pivot within targeted organisations.

As reported by the BBC, Kurtaj is autistic, and psychiatrists deemed him not fit to stand trial, so he did not give evidence and the jury was asked to determine if he did or did not commit the alleged acts, rather than finding him guilty or not guilty.

The US Cyber Safety Review Board recently published a report (vol. 6, iss. 33; PDF) into the group’s methods.

Interesting thinking

Interesting stats

5 days: the median dwell time for ransomware threat actors in the first half of the year, down from 9 days in 2022, according to Sophos. Most ransomware attacks occur overnight:

A 24-hour clock face shows the time of ransomware attacks by work week and weekend attacks. The majority of occurrences are outside of 8am-6pm business hours (source: Sophos)

29% of 18-34-year-olds have received unwanted sexual or romantic propositions after giving their personal information to a business, according to research conducted by Savanta on behalf of the UK Information Commissioner. Perhaps more importantly for businesses… 5% of the public (and therefore your potential employees) believed that this was ‘morally right’, despite it being illegal.

Other newsy bits / in brief

And finally

