News Analysis: Lapsus$ Hacker Group Steals Microsoft Source Code
March 23 headlines were swamped with the news of the Lapsus$ hacker group gaining limited access to Microsoft source code. Microsoft confirmed that code was stolen, including 45% of Bing and 90% of Bing Maps. Some sources also mention Cortana in the mix.
The Lapsus$ ransomware group, also known as DEV-0537, is a hacker collective. They’re known for ransomware attacks with exfiltration, extortion, and destruction tactics. They don’t operate by requesting ransom payloads. Instead, the group finds vulnerabilities through individual users and reaps whatever benefits they can.
Lapsus$’ “Habit” of Hacking Corporations
Everybody’s prone to cyberattacks. Whether you’re an individual, own a small online shop, or work at a multimillion-dollar corporation, keeping your eyes open for cyberattacks, and especially social engineering attempts, is a must.
Some hackers take pleasure (and other gains) in hacking individuals; others go big. Lapsus$ is known to have penetrated large companies like Ubisoft, Nvidia, EA, Samsung, and very recently, Microsoft.
As we know, the larger the company, the more resources it allocates to cybersecurity. Still, the larger the company, the more vulnerable it is to various intrusions. One reason for that is the number of entry points, and another is the amount of data it possesses.
“Hacking larger companies puts more people at risk.”
Gerasim Hovhannisyan | CEO, EasyDMARC
According to EasyDMARC CEO Gerasim Hovhannisyan, larger organizations are a source of impact like no other. They influence millions (if not billions) of people. “Imagine how many individuals could be affected or sidetracked if hackers manipulated the Cortana source code,” says Gerasim.
Indeed, in today’s reality, we depend on technology and information that can be easily altered.
No Code is Perfect
We’ve already mentioned that hacker motivations and goals vary—stealing sensitive information, penetrating networks to delete valuable information, extorting more data, locking files with ransomware, or copying code.
Depending on where hackers look, they can find a ton of valuable information about a company. One of the best places to find any exposed and potentially dangerous exploits is the source code of a program.
In Microsoft’s case, the slightest vulnerability can be a window into the houses of Cortana and Bing users. As a result, ordinary people are at risk of being unknowingly abused by technology.
While the goal of the Lapsus$ group isn’t as apparent as in cases with ransom payload requests, the greatest motivation to carry out the attack could be finding vulnerabilities and ways to exploit them.
As for this specific attack, making the code public doesn’t seem to be a primary motive for Lapsus$ hackers (they didn’t announce they want to leak it). On the other hand, the tech giant claims: “Microsoft does not rely on the secrecy of code as a security measure, and viewing source code does not lead to elevation of risk.” Extortion and further play with code loopholes might be the incentive for bad actors.
Having Threat Intelligence Doesn’t Ensure Protection
Lapsus$ hackers compromised one employee account at Microsoft and used it to pave a path to the source code.
While the company says they were already investigating the compromised account before the DEV-0537 attack, they weren’t fast enough to stop the bad actors from the get-go, managing to safeguard only parts of the source code.
Although Microsoft is trying to sugarcoat the event, losing code portions of the most significant people-facing products is vastly concerning. The information and abilities that Bing, Cortana, and other Microsoft products possess can be weaponized if not maintained properly.
Is it Possible to Protect Your Product in an Increasingly Exposed World?
This is the question we face nowadays. Technically, it’s possible to strengthen your (or your organization’s) cyberawareness and implement safety measures like ransomware detection, multi-factor authentication, cloud security, and a trusted devices policy.
We’ve also covered security steps to avoid social engineering attacks, and if you follow our blog, you’ll be pretty knowledgeable about the methods.
Still, there’s no world without cyberattacks.
You can do your best and stay alert in the face of intrusions as Microsoft did. Still, if you’re connected to the internet, there’s no 100% protection.
So, why should you invest in email protection and cybersecurity measures if they don’t protect you completely? The answer is simple:
“Some protection is always better than no protection. However, a systematic approach to your cybersecurity goals decreases unnecessary risks.”
Don’t let hackers take you by surprise!