LastPass, a popular password management tool, enables its customers to store all their usernames and passwords for online accounts, including sensitive financial, healthcare, email, and social media accounts. Users are also able to store personal identity documents and data on the platform. This past August, LastPass disclosed a breach in which unauthorized users accessed the company’s development environment.
On December 22, 2022, LastPass disclosed that, as part of its investigation into the August breach, it had uncovered evidence that threat actors had successfully accessed unencrypted portions of LastPass customers’ vaults where individual data, including company names, billing addresses, email addresses, phone numbers, and IP addresses, is stored. While LastPass reports that its customers’ sensitive data remained encrypted, the breach suggests that a threat actor would be able to discern a customer’s banking website, though they would not have access to the customer’s username or password. More troubling, threat actors were able to copy a backup of customer vault data from the encrypted storage, which means that if they were able to find a way to decrypt the customer vault data, they would be able to access all of that customer’s online accounts and information stored in LastPass.
How to Protect Your Organization and Yourself
If you or your organization uses LastPass, there are a few immediate steps you can take to mitigate the risk:
We value you as customers, and we understand incidents like these can be unsettling. We are here to help. Fortalice is committed to providing you with the tools and confidence to fortify your interests, protect your organization, and maintain a strategic advantage over adversaries. If you have any questions or need assistance in implementing necessary threat mitigation steps for your organization, please do not hesitate to reach out to us via email at email@example.com or by phone at 877-487-8160.
Increasingly, cyber actors are employing living-off-the-land (LOTL) attacks, which blend (and obscure) their nefarious activities with legitimate tools and infrastructure already found (and regularly used) in your environment to mask their presence while greatly minimizing their chances of detection and attribution. Typically, the introduction of a third-party application triggers an alert from an endpoint detection and response (EDR) product on the host. Unfortunately, LOTL enables the actor to skirt detection more easily and effectively.
On June 1, Progress Software (Progress) announced it had identified a vulnerability in its MOVEit File Transfer Tool. The vulnerability allowed cybercriminals to exploit a critical SQL injection that could lead to escalated privileges and potential unauthorized access to the environment.