Long-Term LastPass Breach Sounds Alarm For Static Credentials

LastPass’ password management service has introduced millions of users to the convenience and security of unique passwords. Across mobile and browser, LastPass promises a near-passwordless experience for millions of individuals and over 100,000 businesses. However, recent news threatens to drop a bombshell on credential-based security. 

The Year-Long LastPass Dual Breach 

In August 2022, LastPass released a report of a small scale security incident. Notifying consumers of the breach, LastPass reassured that no consumer data had been accessed. Certain LastPass credentials had been stolen during the first attack, but these were encrypted – from the organization’s perspective, there was no way the threat had access to the necessary decryption keys. It was acknowledged that the attack likely lent the malicious actor further insight into the company’s internal development documentation. One such piece of information is that there are only four — highly senior — DevOps engineers that hold access to the password vaults’ decryption keys.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Delving deeper into August’s breach, recent analysis found one key oversight was made in the initial report: attackers had simultaneously compromised a DevOps engineer’s home computer. This device had a number of apps installed, one of which was the media software Plex. According to Ars Technica, Plex granted a key foothold to the attackers via a remote code execution bug; the attackers used this to install a malicious keylogger onto the DevOps’ home laptop. From this, the attacker was free to capture the employee’s login credentials as they were entered.

Once the master password of this senior DevOps account was stolen, attackers could freely access the engineer’s corporate vault. These shared instances contained a smorgasbord of access and decryption keys for AWS-hosted backups. Between August and October 2022, data was continuously stolen from the company’s Amazon S3 buckets. Exfiltration via the employee account meant malicious behavior was difficult to distinguish from legitimate activity. Eventually, in December, the company discovered the attacker when they attempted to use the account for unauthorized activity. 

How Credentials Need to Keep Pace

The attackers knew that attempting to attack the highly-reinforced on-premises servers would be a waste of time and resources. A remote workforce, however, requires a completely new approach to credentials that LastPass failed to implement in time. This became the perfect gap for a complex attack path.

Firstly, organizations need to recognize the increasing interconnectedness of today’s developers.  Solutions such as Snyk, a partner of GlobalDots, allow security to keep pace with development by monitoring open source and third-party vulnerabilities. Built on a comprehensive vulnerability database, Snyk integrates with existing dev workflows and automatically patches license violations across OS dependencies and container images. Read more about best practices for securing AWS workloads here.

While developers and the workforce enjoy increased protection, all employee accounts can benefit from account access reinforcement. Okta, another GlobalDots’ partner, provides fast and flexible access to compute resources while doing away with traditional static resources. The LastPass breaches have proven that traditional credentials hold all the privilege – Okta revolutionizes this with dynamic, single-use credentials and keys that prevent the abuse of risky static credentials.

Automated evaluation of each login’s context reinforces next-gen workforce IAM, while simplified lifecycle management tools allow the automated provisioning of access as the employee base changes over time.

Following the year-long breach, LastPass has upgraded its security by rotating high-privilege credentials and re-issuing any certificates gained by the attacker. Extra S3 hardening protocols are now in place, with logging and alert functions allowing for initial visibility into account infrastructure. 

For now, LastPass recommends all users to change not only master passwords, but all passwords in their connected vaults, in order to prevent a large blast radius of upcoming account takeover attacks.

Secure your workforce IAM and work environment with GlobalDots. We provide comprehensive security solutions for any stack, ensuring your organization’s protection – contact us now.

Latest Articles

Embark on Your Cloud Security Journey with GlobalDots CNAPP and its New CIEM Capability

Imagine being the captain of a vast space station, floating in the endless cosmos. Your station is filled with various facilities, each serving its unique purpose, and inhabited by astronauts, each following their own set of rules. Without a proficient system to manage these rules, chaos could reign. An astronaut might accidentally enter a restricted […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
27th July, 2023
It’s time to get rid of passwords!

In addition to being outdated, passwords create frictions and hassles for workflows, teams, and users. We enable the complete elimination of passwords, securely and with an optimal user experience – by implementing the latest IAM & CIAM innovative solutions.  We are using a technology called FIDO2 (Fast ID Online) Authentication – new passwordless authentication method that relieves credentials […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
10th November, 2022
GlobalDots Partners With Transmit to Make Passwords Extinct

As we rely more and more on online services, managing passwords becomes increasingly challenging. Compromised passwords lead to account takeovers, which pose existential threats to customer-facing businesses. Account takeovers led to an estimated $11.4 billion in losses in 2021, caused mostly by compromised passwords. GlobalDots, a cloud innovation leader, partners with Transmit Security, a leading […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
8th September, 2022
How To Implement Passwordless Authentication: A Step by Step Guide

Login details are criminals’ favorite type of data, as they allow complete impersonation of a legitimate user on your system. By successfully compromising an account, an attacker becomes a wolf in sheep’s clothing, appearing completely innocuous until they launch their attack.  One of the most common consequences of cracked credentials is a data breach, the […]

Miguel Fersen Director for Iberia and LATAM, GlobalDots
27th July, 2022

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services