What GenZ-Hackers tell you about your organisation’s cybersecurity
Hint: it’s not good
In September 2022 in a cheap Travelodge hotel in Bicester, UK, someone plugs an Amazon Fire stick into a TV. From there the hacker casually compromises a $22.75 billion company, steals their most protected asset and leaks it for the whole world to watch. This is how Rockstar Games lost the trailer for GTA 6. To their credit, the company was by far not the only one that was hacked by this individual who went by the moniker „White“. To their shame: White was a 17-year-old who was put in the hotel by police after an earlier arrest.
From 2021 until March 2022, White and his fellow Lapsus$-members went on a pretty remarkable hacking spree. Uber, Nvidia, Microsoft, T-Mobile – all these companies were no match for the creative hacking style used by the teenage hackers.
Despite or maybe rather because of their age Lapsus$ and fellow Gen-Z gangs like Scattered Spider and the one behind the big Twitter hack of 2020 are formidable opponents for corporations. They behave differently. For the most part, they don’t use vulnerabilities but rely heavily on social engineering for compromise. Once inside they use whatever they find to move laterally. And they always seem to find creative solutions once they discover a road block.
In this keynote Offensive Security expert Michael Gschwender and senior infosec reporter Max Muth will show fascinating insights into the GenZ hacking realm: How they attack, what they’re after – and what defenders should do to strengthen their posture against this enemy?
