Total Tests:

LastPass says malware used to hack DevOps engineer in 2022 password vault breach

By Kyt Dotson for SiliconANGLE
Tuesday, February 28, 2023

After gaining access to the company’s cloud using the employee’s high-security access, the attacker then stole vault entries and shared folders and encryption keys to the AWS S3 LastPass production backups and other cloud storage. That led to the attacker gaining access to encrypted data vaults.

“This is an emerging vector of sophisticated cyberattacks: targeting victim’s employees, who have privileged access to internal systems, instead attacking the victims directly,” Dr. Ilia Kolochenko, founder and chief executive of ImmuniWeb SA, which provides artificial intelligence application security, told SiliconANGLE.

Kolochenko explained that over the past three years, multiple devastating supply-chain attacks have targeted companies, affecting their software source code and network protocols. Now, most organizations lock down their on-premises infrastructure and code extremely tightly and as a result, attackers have begun to look for different chinks in their security.

“Creative cybercriminals have, however, discovered another low-handing-fruit attack vector, a grim derivate of the pandemic and working-from-home trend: the victim’s employees,” Kolochenko said.

Companies such as LastPass hold extremely important resources such as passwords, which in turn unlock even larger potential treasures for hackers are especially lucrative targets for hackers.

These incidents aren’t the first time the company has been hacked. In 2015, attackers broke into the company’s network, stole email addresses, password reminders and authentication hashes. Although at the time the company said that master passwords were not stolen, it still urged users to change them.

Kolochenko believes that this year cyber gangs will continue to follow this trend of targeting employees by using previously stolen information to target employees and then use their internal access to gain further traction into networks. As a result, organizations should pay more attention to what kind of access they are providing to their employees and the type of security review they are doing.

“In 2023, we should expect a surge of sophisticated attacks on privileged tech employees aimed at stealing their access credentials and getting access to the crown jewels,” Kolochenko said. “Organizations should urgently consider reviewing their internal access permissions and implement additional patterns to be monitored as anomalies, such as excessive access by a trusted employee or usual access during nonbusiness hours.” Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential