Prep your Microsoft environment for an identity-based attack.
Book an identity exposure gap analysis today.
Anatomy of a Lapsus$ Attack

Vectra AI vs.
MFA Bypass

What happens when a notorious cybercrime group gains VPN access, bypasses MFA, steals credentials and starts moving laterally inside your hybrid cloud environment? We simulated a Lapsus$ attack to find out.

Shutting down an active MFA bypass attack with Vectra AI

In this Lapsus$ attack simulation, security analysts experienced the difference early detection makes. With an integrated signal to correlate detections across each attack surface, defenders quickly identified exactly where to focus efforts.

The attacker:

  • Conducts network recon
  • Uses stolen credentials
  • Moves laterally over multiple surfaces

Defenders know:

  • Which entities are impacted
  • Each surface occupied
  • What response actions to take
Response time
First Vectra Alert
5:02 A.M
Attack Stopped
5:22 A.M
Anatomy of a Lapsus$ Attack

See and stop Lapsus$ attacks in real time

The secret to stopping Lapsus$ after it bypasses MFA? Attack Signal Intelligence™. Vectra AI’s patented AI-driven signal empowers defenders leveraging the Vectra AI Platform to move at the speed and scale of hybrid attackers — including Lapsus$ attacks targeting source code and email theft.

11
References in MITRE D3FEND
90%
MITRE ATT&CK coverage
35
AI threat detection patents

Sharpen your investigation and threat hunting skills

Join our ensemble of security researchers, data scientists and analysts as we share over 11+ years of security-AI research and expertise with the global cybersecurity community. Through our webinars and hands-on labs, you’ll learn how to effectively leverage AI for threat detection and response and expose sophisticated attacks hiding in your environment.

Explore Upcoming Sessions
Vectra AI attack labs

With Vectra AI, Lapsus$ attacks don’t stand a chance

With 11 references in the MITRE D3FEND framework — more than any other vendor — only Vectra AI provides the coverage you need to accurately map techniques. Attack Signal Intelligence detects and prioritizes:

Suspicious Port Scan
RDP Recon
Suspicious Remote Desktop Protocol
Suspicious Admin
RPC Targeted Recon
Azure AD Suspicious Sign-on
Azure AD New Admin Account Creation
M365 Suspicious Transport Rule

Prioritizing tactics for Lapsus$

  • This simulated attack was initiated after threat actors gained VPN access.
  • Attackers immediately started doing recon and looked to move laterally.
  • They moved across three attack surfaces, swiped usernames and passwords and set up a path to exfiltrate sensitive data.
  • With an effective attack signal, TTPs were prioritized for defenders to take immediate action.
Prioritizing tactics for Lapsus$

Keep MFA bypass attacks from becoming data breaches

Download the full attack anatomy report to learn how you can move at the speed and scale of modern attackers.

Download the overview

Gain an unfair advantage over modern attacks

Explore the Platform
Explore more attack anatomies

Explore more cyberattack resources

See how Vectra AI helps you move at the speed and scale of modern attackers.

Ebook

A Breakdown of Emerging Hybrid Attacker Methods

All modern attacks are hybrid attacks. Learn how today’s cyber attackers infiltrate, escalate privileges, move laterally and progress their attacks.

Download Ebook
Use Case

Protect your business from nation-state cyberattacks

See how the Vectra AI Platform protects against nation-state threat actors by revealing the earliest signs of an attack within your environment.

Learn More
Blog

Azure AD: Users Are Bypassing Your MFA

Learn how the Vectra AI platform continuously monitors user activity to reveal instances of multi-factor authentication (MFA) bypass.

Read Blog