The attacker who gained access to the LastPass cloud storage service last year and made off with some customer data gained initial access to the company’s systems after compromising an engineer’s home machine and stealing the employee’s company credentials, and was then able to access the LastPass vault and eventually gain access to the keys for Amazon S3 buckets that stored customer data and encrypted vault data.

The path that the attacker took to that destination is not a typical one, and it highlights an issue that has faced corporate security teams for many years: employees accessing sensitive corporate resources from personal machines. The shift to remote work for more people since 2020 has exacerbated the problem, but it’s one that IT and security organizations have been wrestling with for the better part of two decades, and employees’ home machines and networks aren’t always included in corporate threat models.

In the case of the LastPass incident, there are a lot of moving parts, and the operation that eventually led to the compromise of the S3 credentials and access to customer data and backups comprised two distinct intrusions. In the first incident, the attacker compromised a developer’s account and was able to steal some LastPass source code and other data. The company’s security team ejected the attacker from the network on Aug. 12, but the attacker immediately began a separate operation focused on performing reconnaissance and exfiltration of more data. In the second operation, the attacker was able to use some of the information stolen previously to identify the LastPass Amazon cloud storage environment and begin stealing data.