The attacker who gained access to the LastPass cloud storage service last year and made off with some customer data gained initial access to the company’s systems after compromising an engineer’s home machine and stealing the employee’s company credentials, then accessed the LastPass vault and eventually gained access to the keys for Amazon S3 buckets that stored customer data and encrypted vault data.

The path that the attacker took to that destination is not a typical one, and it highlights an issue that has faced corporate security teams for many years: employees accessing sensitive corporate resources from personal machines. The shift to remote work for more people since 2020 has exacerbated the problem, but it’s one that IT and security organizations have been wrestling with for the better part of two decades, and employees’ home machines and networks aren’t always included in corporate threat models.

In the case of the LastPass incident, there are a lot of moving parts, and the operation that eventually led to the compromise of the S3 credentials and access to customer data and backups comprised two distinct intrusions. In the first incident, the attacker compromised a developer’s account and was able to steal some LastPass source code and other data. The company’s security team ejected the attacker from the network on Aug. 12, but the attacker immediately began a separate operation focused on performing reconnaissance and exfiltration of more data.

In the second operation, the attacker was able to use some of the information stolen previously to identify the LastPass Amazon cloud storage environment and begin stealing data. In order to accomplish that, the attacker needed to get the decryption keys for the encrypted credentials stolen previously.

“Due to the security controls protecting and securing the on-premises data center installations of LastPass production, the threat actor targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service,” LastPass said in an update on Monday.