8/21/2023 0 Comments Lastpass breach 2022![]() The latest LastPass saga began in late August 2022, when the firm published a post revealing that “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.” This compromised account enabled the attacker to take portions of source code and some proprietary LastPass technical information. It is an issue that needs to be placed in the spotlight following the well-publicized LastPass incident. However, if users’ password manager vaults are compromised, it potentially puts every one of their online accounts at risk of compromise. Additionally, these programs alert users if they are duplicating a password across different accounts and notify them if their password has appeared in a known data breach. ![]() These solutions are often strongly advised by security experts as a part of best security practices, as they enable users to easily use strong and unique passwords for each online account they possess. Password managers are programs that enable users to store their ever growing list of online credentials in a safe location, removing the need for this information to be recorded in insecure ways, such as sending them via emails and writing on post-it notes. In addition to putting the response and actions of LastPass under the spotlight, the incident has raised questions over the safety of storing multiple login credentials on password managers generally. ![]() More information about the LastPass breach is available in this analysis by Infosecurity deputy editor James Coker.The multiple breaches of password management giant LastPass in 2022 has created significant discussion – and alarm – among the cybersecurity community, not to mention affected LastPass customers. "But no incident should be considered small and should be thoroughly investigated to ensure that any stolen information cannot be used to launch further targeted attacks." "Many times we see statements from organizations which have suffered a breach downplaying the incident and stating that no financial data was stolen," Malik said, commenting on the news. More generally, Javvad Malik, lead security awareness advocate at KnowBe4, said the incident is a persistent textbook attack where threat actors increased their foothold in stages and without rushing. "Threat actors will use any security gap or weakness to initially breach the network, and then move laterally across to their intended target – in this case it was corporate data from cloud storages." ![]() "People assume that if a personal home computer has nothing of value on it, then it won't be a target for cyber-criminals however, this is simply not true," Mackay added. "The threat actor was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data," LastPass continued.Īccording to Martin Mackay, CRO at Versa Networks, the breach updates by LastPass are a stark reminder that remote working and BYOD (bring your own device) are increasingly blurring the lines between home and work networks. ![]() These include company names, end-user names, billing addresses, email addresses and telephone numbers, as well as the IP addresses used by customers to access the LastPass website. "We have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata," the company wrote. This information was then used by the threat actor between August and October to steal credentials and keys later used to access and decrypt certain storage volumes within the cloud-based storage service in the December attack. LastPass has revealed that the threat actor who breached the company's systems in August 2022 did so by leveraging source code and technical information that were obtained from the company's development environment via a home computer belonging to a DevOps engineer.įrom a technical standpoint, LastPass said information was obtained via a keylogger installed on the employee's device by exploiting a remote code execution (RCE) vulnerability in a third-party media software package. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |