The situation at password manager company LastPass keeps getting worse: In an undated update, the company now says hackers implanted keylogger software on a DevOps employee's home computer to obtain access to the corporate vault.

Through the keylogger, implanted via a third-party media software package with a remote code execution vulnerability, the hacker was able to capture the employee's master password and circumvent the multifactor authentication requirement for accessing the corporate vault. The hacker stole "encrypted secure notes with access and decryption keys" needed to access production backups stored in the company's Amazon Web Services cloud storage account. The targeted employee was one of four company employees who had access to decryption keys needed to access the AWS account, the company says.

LastPass says the stolen data includes customer metadata, API secrets, third-party integration secrets and configuration data. Backups of customer vault data also were exfiltrated, but the company says they can only be decrypted with the end user master password, which is not stored or known by LastPass. Hackers also obtained customer telephone numbers used for multifactor authentication backup.

The company warns that the hackers behind what it called a coordinated attack may attempt to brute-force decryption of customer data vaults and use customer data to target users with phishing attacks or attempted credential stuffing attacks against their accounts. Included in the data hackers obtained were unencrypted URLs of websites that match a saved entry in customers' vaults.

LastPass did not reveal the software package vulnerability hackers exploited to place a keylogger on an employee's computer. Ars Technica reported the software exploited by the attackers was the Plex media platform.

LastPass has slowly acknowledged a widening set of impacts stemming from an August breach the company first assessed as affecting nothing beyond its source code and proprietary technical information. That changed in December, when the company first said hackers had been able to copy encrypted customer vault data.

The threat actor "pivoted from the first incident," engaging in a "new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from Augto October 26, 2022," the company says. "The word pivot in this context is just a jargon way of saying, 'Where the crooks went next,'" wrote cybersecurity company Sophos in a report on the attack.

Spotting the hacker operating inside its AWS account was difficult, LastPass says, since the attacker had valid credentials stolen from a senior DevOps engineer. That "initially made it difficult for investigators to differentiate between threat actor activity and ongoing legitimate activity." Eventually, the AWS threat detection service spotted anomalous behavior.

LastPass is one of the world's most popular password management services. The company says it is used by more than 33 million individuals and 100,000 businesses. Many websites almost certainly still use a simple method.