LastPass Uncovers Threat Actors Compromising Its Systems
The December 2022 intrusion was carried out using information stolen in the previous attack in August.
In a blog post on Monday, the company said that while no customer data was stolen in the August 2022 incident, some source code and technical information was taken from the LastPass development environment, and that this material was later used to target the home computer of a DevOps engineer.
Technically, the attackers gained that foothold by exploiting a remote code execution (RCE) vulnerability in a third-party media software package on the engineer's device and using it to install a keylogger.
According to the company, the information was used to target a second employee; in the December attack the threat actor obtained credentials and keys that gave access to, and allowed decryption of, specific storage volumes within a cloud-based storage service.
“Once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backups that contained basic customer account information and related metadata,” the company wrote.
These include company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers accessed the LastPass service.
“The threat actor was also able to copy backups of customer vault data from the encrypted storage container. It is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, and fully encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data,” LastPass continued.
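The design point in that description, that a backup which encrypts only the sensitive fields still hands an attacker the URL metadata in the clear, can be made concrete with a small model. The following Python is an added example written for this page; it is not LastPass code and does not reproduce its proprietary format. The record layout, the field names, the sample entries and the toy SHA-256/HMAC cipher (a stdlib stand-in for a real AEAD such as AES-GCM) are all constructed assumptions. It shows what an attacker holding the backup but not the vault key can still learn (which domains a user has accounts at, and how many), that the encrypted fields stay opaque and tamper-evident without the key, and a check a practitioner can run against any export format: which fields are readable without the key.

```python
import hashlib
import hmac
import json
import os
from collections import Counter
from urllib.parse import urlparse

# Fields encrypted under the vault key; everything else is stored in the clear.
# Constructed model for illustration, not LastPass's actual format.
ENCRYPTED_FIELDS = ("username", "password", "notes")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a toy keystream (stand-in for a real AEAD)."""
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt_field(key: bytes, plaintext: str) -> str:
    """Encrypt-then-MAC; output is hex(nonce || ciphertext || 16-byte HMAC tag)."""
    nonce = os.urandom(12)
    pt = plaintext.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return (nonce + ct + tag).hex()


def decrypt_field(key: bytes, blob_hex: str) -> str:
    """Verify the tag first; a wrong key or a modified record raises ValueError."""
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode("utf-8")


def build_backup(vault_key: bytes, entries: list) -> str:
    """Serialise entries as the article describes: URL in the clear,
    sensitive fields encrypted under the vault key. Returns JSON text."""
    records = []
    for e in entries:
        rec = {"url": e["url"]}
        for f in ENCRYPTED_FIELDS:
            rec[f] = encrypt_field(vault_key, e[f])
        records.append(rec)
    return json.dumps(records)


def plaintext_fields(backup_json: str) -> set:
    """Defender check: which fields of the export are readable without the key?"""
    fields = set()
    for rec in json.loads(backup_json):
        fields.update(k for k in rec if k not in ENCRYPTED_FIELDS)
    return fields


def triage_without_key(backup_json: str, watch: set) -> dict:
    """Attacker view: count entries per watched domain using only the
    unencrypted URL field. No key is involved at any point."""
    counts = Counter()
    for rec in json.loads(backup_json):
        host = urlparse(rec["url"]).hostname or ""
        if host in watch:
            counts[host] += 1
    return dict(counts)


def read_secret(backup_json: str, key: bytes, index: int = 0, field: str = "password"):
    """Return the decrypted field, or None when the key does not authenticate."""
    rec = json.loads(backup_json)[index]
    try:
        return decrypt_field(key, rec[field])
    except ValueError:
        return None


# Constructed sample data; domains and credentials are placeholders.
SAMPLE_ENTRIES = [
    {"url": "https://bank.example/login", "username": "alice", "password": "hunter2", "notes": ""},
    {"url": "https://mail.example/", "username": "alice@mail.example", "password": "p1", "notes": "recovery code 1234"},
    {"url": "https://bank.example/business", "username": "alice-biz", "password": "p2", "notes": ""},
    {"url": "https://exchange.example/", "username": "alice", "password": "p3", "notes": "otp backup codes"},
]

if __name__ == "__main__":
    vault_key = os.urandom(32)
    backup = build_backup(vault_key, SAMPLE_ENTRIES)
    print("readable without key:", plaintext_fields(backup))
    print("targets by domain:", triage_without_key(backup, {"bank.example", "exchange.example"}))
    print("secret with wrong key:", read_secret(backup, os.urandom(32)))
    print("secret with vault key:", read_secret(backup, vault_key))
```

The first two lines of output are what the thief gets for free: the full list of sites, and a ranked target list, without touching a master password. The check to run on your own exports is `plaintext_fields`; if it returns anything beyond what you consciously chose to leave in the clear, the backup leaks metadata in the way the article describes.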
Martin Mackay, CRO at Versa Networks, said LastPass's breach update is a stark reminder that remote work and Bring Your Own Device (BYOD) have increasingly blurred the lines between home and work networks.
“People assume that if a personal home computer has no value, it won't be a target for cybercriminals, which is simply not true,” Mackay told Infosecurity by email.
“Threat actors take advantage of security gaps and vulnerabilities to enter networks first and then move laterally to their intended targets. In this case, it was corporate data from cloud storage.”
Javvad Malik of KnowBe4 said the incident was a sustained, textbook attack in which the threat actor expanded its foothold step by step without rushing.
“Time and again we see statements from compromised organizations downplaying the incident and stating that no financial data was stolen,” Malik told Infosecurity by email.
“However, no incident should be considered small, and each should be thoroughly investigated to ensure that the stolen information is not used to launch further targeted attacks.”
More information about the LastPass breach is available in this analysis by Infosecurity Associate Editor James Coker.