Last Thursday LastPass updated their 25 August security incident bulletin with additional details on what customer information had been exposed and on the follow-up breach in November of this year. The investigative team discovered that the threat actor used information stolen in the August breach to target an employee and gain access to their cloud-based storage systems. These systems store encrypted backups of customer account information, for which the threat actors were able to acquire decryption keys. Additionally, the backups contain customer vault data. LastPass reports that this vault data is a combination of unencrypted fields, such as URLs, and encrypted fields, such as usernames and passwords. The encryption of these fields uses the customer’s master password, which means they are protected from the threat actor only by the strength of the individual user’s master password.

The primary risk introduced by this breach is the combination of the unencrypted metadata with customer account information. With those two pieces of information, malicious actors can put together a profile of the websites the exposed customers have accounts on, combine that with open source intelligence (OSINT) from social media, and carry out spearphishing, vishing, or other social engineering attacks against employees. Additional social engineering awareness training may be effective over the next couple of months to help mitigate risk to companies that use LastPass.

The secondary risk is brute-force cracking of the master password. Because of the nature of LastPass’s encryption process, access to a vault requires only the master password, so the security of the vault is only as strong as that password. If it is not strong, a hash cracking program may be able to crack it quickly and give an attacker access to the vault. Even if the password is strong, companies should rotate their master passwords anyway.

Regardless of the mitigations adopted, the answer to this breach is not to abandon password managers; they remain by far the best available solution to the weaknesses inherent in password authentication. LastPass, while they have been in the news recently for security breaches, have already taken steps to tighten up their security and will likely continue to do so in response to the follow-up breach.
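To make the point about master password strength concrete, here is an added Python example (not code from this Binary Defense post or from LastPass) showing why a stolen encrypted vault backup is only as strong as the master password: the vault key is derived from the password and a non-secret salt with PBKDF2-HMAC-SHA256, so whoever holds the backup needs nothing else, and the attacker's expected work is the password's entropy multiplied by the key derivation cost. The iteration count, the guesses-per-second figure, the verdict threshold and the sample passwords are assumptions constructed for illustration, not LastPass's real parameters.

```python
import hashlib
import math

# Assumed parameters for illustration only (not LastPass's real settings):
ITERATIONS = 100_100            # PBKDF2-HMAC-SHA256 rounds assumed for the vault key derivation
GUESSES_PER_SECOND = 1.0e10     # assumed raw SHA-256 rate of one cracking rig (hypothetical figure)
SECONDS_PER_YEAR = 365 * 24 * 3600
STRONG_THRESHOLD_YEARS = 100.0  # verdict cut-off chosen for this example


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte vault encryption key from the master password.

    Only the password and the salt go in. The salt is stored beside the
    vault (it is not secret), so anyone holding a stolen encrypted backup
    can reproduce this key as soon as they guess the password correctly.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def password_entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate from length and the character classes used.

    This is the classic keyspace estimate (len * log2(alphabet)); it is an
    optimistic ceiling, since dictionary words and patterns shrink the real
    search space an attacker has to cover.
    """
    classes = [
        (any(c.islower() for c in password), 26),
        (any(c.isupper() for c in password), 26),
        (any(c.isdigit() for c in password), 10),
        (any(not c.isalnum() for c in password), 32),  # printable ASCII punctuation
    ]
    alphabet = sum(size for present, size in classes if present)
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def expected_crack_seconds(entropy_bits: float,
                           iterations: int = ITERATIONS,
                           guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the password by exhaustive guessing.

    On average half the keyspace is searched, and every guess costs
    `iterations` hash evaluations, which is why the KDF work factor
    multiplies whatever protection the password's entropy gives.
    """
    expected_guesses = 2.0 ** (entropy_bits - 1)
    return expected_guesses * iterations / guesses_per_second


def assess_master_password(password: str) -> dict:
    """Defender-side triage: how long would this master password hold up?"""
    bits = password_entropy_bits(password)
    years = expected_crack_seconds(bits) / SECONDS_PER_YEAR
    verdict = "strong" if years >= STRONG_THRESHOLD_YEARS else "weak"
    return {"entropy_bits": round(bits, 1), "expected_years": years, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample: one salt, two candidate master passwords.
    salt = b"example-salt-16b"
    for pw in ("password", "Tr0ub4dor&3-Horse-Staple!"):
        key = derive_vault_key(pw, salt)
        report = assess_master_password(pw)
        print(f"{pw!r}: key={key.hex()[:16]}... entropy={report['entropy_bits']} bits, "
              f"expected crack time={report['expected_years']:.2e} years -> {report['verdict']}")
```

Running the script shows the asymmetry the post describes: the eight-letter lowercase password falls in days even with a six-figure iteration count, while the long mixed-class passphrase is out of reach, which is why rotating weak master passwords is the urgent step and raising the KDF iteration count only helps at the margin.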