LastPass Admit That They Have Been Pwned Yet AGAIN
LastPass has notified customers of a second attack which resulted in the breach of encrypted password vaults. In this second incident the threat actor used information exfiltrated during the first incident to exfiltrate corporate data from cloud storage resources; the entry point was the hacked personal home computer of one of LastPass's DevOps engineers.
Sharon Nachshony, Security Researcher at Silverfort, had this to say:
“Given the number of people who rely on LastPass it’s easy to pass quick judgment on back-to-back incidents, however, what this really shows is the difficulty of detecting attacks that use seemingly legitimate, yet stolen, credentials. By obtaining these credentials, the threat actor was able to masquerade as a highly trusted user, giving them the freedom to pivot into the cloud storage environment.
The corporate vaults holding privileged credentials often become a single point of failure. Given enough reconnaissance time a motivated attacker will try to understand how to compromise such vaults because, once they have such credentials, it’s like having a VIP pass to corporate resources. In the case of this attack, an additional layer of MFA to authenticate into the cloud storage environment may have provided additional protection.”
If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. The master password for the LastPass vault should also be changed. But if you’re asking me what you should do, I would suggest dumping LastPass completely on top of changing all your credentials immediately. It’s pretty clear that LastPass isn’t secure based on their recent history of being pwned, and has no path to become secure anytime soon. Thus moving your passwords off their service with urgency is your best course of action.
This entry was posted on February 28, 2023 at 10:04 am and is filed under Commentary with tags Hacked, LastPass. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.