Cybercriminals crave access to the networks of large organizations.

These large corporations hold vast amounts of sensitive information and often protect these assets with enterprise-grade security. Although breaking into these systems isn’t easy, it’s far from impossible for skilled cybercriminals aiming for high-value targets.

As corporations ramp up their security measures, cybercriminals shift their focus to softer targets that can act as conduits into corporate networks.

Increasingly, these soft targets are the organization’s employees, and their mobile phones serve as the entry point. When employees blend their personal and professional lives on one device, cybercriminals see an opportunity, especially if they can sidestep multi-factor authentication measures already in place.

A recent move by the Lapsus$ cybercriminal group underscores why organizations need to secure their employees’ personal devices.

Throughout the year, the Lapsus$ gang has successfully breached many prominent organizations, including Microsoft, T-Mobile, Uber, and Samsung.

One tactic they employ to infiltrate these companies is SIM swapping. In this method, the cybercriminal takes control of the target’s mobile SIM card by either impersonating the target to persuade a mobile provider to transfer the phone number or by hacking into the target’s mobile provider account.

Lapsus$ has also compromised accounts of mobile provider employees and contractors to perform SIM swaps. In some cases, insiders within the targeted companies have even assisted them.

Once they clone the SIM card and assign it to a new phone, the cybercriminals start receiving texts meant for the victim. This becomes a major issue for companies using SMS-based multi-factor authentication.

The cybercriminals then gain access to multi-factor authentication codes sent via text, log into corporate networks, and potentially steal valuable information or demand ransoms. Lapsus$ has already received ransom payments from several breached organizations.

And it’s not just Lapsus$. BlackCloak and government agencies are witnessing similar tactics. That’s why organizations must ensure their employees are not the vulnerable links that cybercriminals seek.

 

Go Beyond Text-Based Authentication

Today, the mobile phone reigns supreme. Personal and professional lives converge on a single device, increasing risks for individuals and companies alike.

Here are actionable steps to mitigate those risks:

  • Switch to Authentication Apps and Physical Keys for MFA: Instead of relying on SMS for multi-factor authentication, use an authentication app or a physical security key. For instance, the Department of Homeland Security reports that Lapsus$ failed to breach systems secured by apps and physical keys.
  • Disallow Opt-Outs: Ensure that multi-factor authentication only occurs through secure methods, without any option for less secure SMS codes.
  • Minimize Your Attack Surface: Limit what cybercriminals can discover about you and your employees. Remove personal information from data broker sites and monitor the deep and dark web. BlackCloak offers these services to help protect both personal and corporate digital landscapes.
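The first two steps above can be checked against an export of MFA enrollments: an account with an app or key is still exposed to a SIM swap if SMS remains enrolled as a fallback. The following is an added example, not BlackCloak's code; the factor names, field names and sample records are constructed assumptions.

```python
# Audit MFA enrollments for factors that a SIM swap would hand to an attacker.
# All names and records below are constructed for illustration.

SIM_SWAP_EXPOSED = {"sms", "voice"}      # delivered to the phone number
STRONG = {"totp_app", "fido2_key"}       # bound to a device, not a number

# Hypothetical tenant policy and per-user enrollment export.
POLICY = {"allowed_factors": ["fido2_key", "totp_app", "sms"]}
ENROLLMENTS = [
    {"user": "alice", "factors": ["fido2_key"]},
    {"user": "bob", "factors": ["totp_app", "sms"]},   # strong factor plus opt-out
    {"user": "carol", "factors": ["sms"]},
    {"user": "dave", "factors": []},
    {"user": "erin", "factors": ["totp_app", "email_link"]},
]


def audit_policy(policy):
    """Return the number-bound factors the policy still permits."""
    return sorted(set(policy["allowed_factors"]) & SIM_SWAP_EXPOSED)


def audit_user(entry):
    """Classify one account by its weakest enrolled factor."""
    factors = set(entry["factors"])
    if not factors:
        return "no_mfa"
    exposed = factors & SIM_SWAP_EXPOSED
    if exposed and factors & STRONG:
        return "sms_fallback"    # attacker simply picks the SMS option
    if exposed:
        return "sms_only"
    if factors - STRONG:
        return "review"          # factor type this audit does not recognise
    return "ok"


def audit(enrollments):
    """Map each user to a finding."""
    return {e["user"]: audit_user(e) for e in enrollments}


if __name__ == "__main__":
    print("policy still allows:", audit_policy(POLICY))
    for user, finding in audit(ENROLLMENTS).items():
        print(f"{user:6} {finding}")
```
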

Lapsus$ and other cybercriminal groups increasingly use SIM-swapping attacks, and high-grade enterprise security becomes irrelevant if these vulnerabilities remain unaddressed.

Invest the time to implement these measures and prevent your employees from becoming the weak link in your security chain.