In addition, the report shows how an employee’s home computer can be exploited to break into a major company. The new report from LastPass indicates the hacker possessed some serious computer infiltration skills. Still, the forensic evidence shows the culprit shut down the antivirus on the software engineer’s computer to remain hidden, LastPass said in Monday’s update. During the initial breach, the hacker hijacked a LastPass software engineer’s laptop, although it remains unclear how this was done. The hacker was also able to target the DevOps engineer at LastPass after conducting an earlier breach on the company back in August involving its source code repositories. (In August, Plex suffered its own breach, which involved a database containing user password information.) LastPass didn’t name the “vulnerable third-party media software package.” But according (Opens in a new window) to Ars Technica, the vulnerable software was Plex, which can help consumers construct a media server to stream videos at home. The same malware appears to have helped the hacker bypass the multi-factor authentication on the account, which contained the decryption keys required to access LastPass’s cloud backup system. The malware then recorded the keystrokes on the engineer’s computer, enabling the hacker to capture the master password for the employee’s password vault at LastPass. “This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass said. In Monday’s update (Opens in a new window), LastPass added that only four DevOps engineers at the company possessed the necessary decryption keys through a “highly restricted set of shared folders.” However, the hacker circumvented the company’s security safeguards by serving malware to one of the DevOps engineers at their home. The company held its encrypted password vault data in a cloud-based backup system, which required both Amazon AWS Access Keys and the LastPass-generated decryption keys in order to enter. One lingering question had been how the culprit broke into LastPass, despite its various security safeguards. The company lost encrypted password vault data for all customers to a hacker who was secretly poking around LastPass’ systems for weeks. On Monday, LastPass provided (Opens in a new window) more details on the breach, which has shattered trust in one of the most popular password managers on the market. Last year’s devastating breach of LastPass has been traced back to a piece of keylogging malware that was secretly installed on an employee’s home computer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |