Password manager LastPass US LP reeled from multiple data breaches in 2022 when hackers accessed sensitive information from databases, and today the company revealed how attackers used that information to target a senior DevOps engineer with malware to “launch a coordinated second attack” that breached password vaults.

LastPass announced the first security breach in August, saying the company detected unusual activity within portions of the company’s development environment. The attacker gained access to the company’s source code and proprietary technical information.

At the time of the first attack, the company said that there was no evidence that the incident involved any customer data or encrypted password vaults. However, a second attack that happened in December did lead to the attacker gaining access to encrypted passwords and encrypted backup data, and the company is now revealing the mechanics behind that attack. The company was quick to point out that the decryption keys were not stolen, so it would be difficult, but not impossible, for the information to be read by an attacker.

“The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack,” the company said.

According to LastPass, its security controls over its on-premises data center installations were too strict for the attacker to overcome, so it targeted one of the four DevOps engineers who had access to the cloud infrastructure. The attacker managed to get malware onto the engineer’s home computer via a vulnerable third-party media software package and installed a piece of software called a keylogger. This allowed the attacker to watch every keystroke the engineer typed into the computer while working remotely and thus captured the login information and master password while interacting with the company’s cloud environment.

After gaining access to the company’s cloud using the employee’s high-security access, the attacker then stole vault entries and shared folders and encryption keys to the AWS S3 LastPass production backups and other cloud storage. That led to the attacker gaining access to encrypted data vaults.

“This is an emerging vector of sophisticated cyberattacks: targeting victim’s employees, who have privileged access to internal systems, instead of attacking the victims directly,” Dr. Ilia Kolochenko, founder and chief executive of ImmuniWeb SA, which provides artificial intelligence application security, told SiliconANGLE.

Kolochenko explained that over the past three years, multiple devastating supply-chain attacks have targeted companies, affecting their software source code and network protocols. Now, most organizations lock down their on-premises infrastructure and code extremely tightly, and as a result, attackers have begun to look for different chinks in their security.

“Creative cybercriminals have, however, discovered another low-hanging-fruit attack vector, a grim derivate of the pandemic and working-from-home trend: the victim’s employees,” Kolochenko said.

Companies such as LastPass, which hold extremely important resources such as passwords that in turn unlock even larger potential treasures for hackers, are especially lucrative targets. These incidents aren’t the first time the company has been hacked.