After being attacked last December, LastPass released details of how the threat unfolded: the attack was split into two parts and put “certain elements of our customers’ information at risk.”
The platform is one of the important ones in password management, which makes a leak of user information a serious problem, since the cybercriminals had access to encrypted password vaults.
Two months after the attack, the company disclosed how the incident occurred and said it had improved its security posture by rotating critical and high-privilege credentials, in addition to strengthening the cloud service to generate alerts and logs.
How the attack on LastPass happened
The company said that the entire incident began with an attack on one of its DevOps engineers, whose personal computer was hacked and infected with a keylogger.
From there, the attackers managed to extract sensitive data from the company's Amazon AWS cloud storage servers.
“The threat actor took advantage of information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a second coordinated attack,” the company stated, describing how the incident was split into two parts.
The first part took place in August 2022, when the cybercriminals accessed the source code and technical information through the account of the affected employee.
Then, in December 2022, the actor took advantage of the stolen information to break into cloud-based storage and obtain “certain elements of our customer information.”
The threat did not stop there: in the same month the attacker obtained a backup copy of customer vault data, although the company did not clarify how recent this backup was.
The scope of the attack would have affected GoTo, the parent company of LastPass, which confirmed that unauthorized third-party access to cloud storage also occurred in January.
Much of the attack was possible because the criminal diverted employees' passwords to his own computer and implanted software to view a log of the keys used.
The recommendation for all LastPass users is to change their master password and all the passwords stored in their vaults, to avoid unauthorized access to the platforms linked to the service.
What is a triple extortion ransomware attack
As companies find solutions to attacks, cybercriminals create new techniques to overcome those barriers and become harder to detect. One example is a new technique called the triple extortion ransomware attack.
In this approach, attackers seek money not only from organizations but from any party that may be involved. This is because companies are reaching high levels of defense and are able to recover the hijacked data without having to pay the ransom.
For example, if a company recovers the information and does not pay the requested money, the attackers escalate to the point of blocking services, affecting users or associated organizations.
Normally, ransomware has three layers of operation. The first is data encryption, which takes the information hostage. If this doesn’t work, the attackers threaten to publish sensitive data. Now a third layer is added: pressure through calls, emails or a Distributed Denial of Service attack, which overwhelms a website or platform so that it cannot operate.