Beshoy Halim, Cloud Engineer @ GlobalDots
02.03.2023
3 min read

LastPass’ password management service has introduced millions of users to the convenience and security of unique passwords. Across mobile and browser, LastPass promises a near-passwordless experience for millions of individuals and over 100,000 businesses. However, recent news threatens to drop a bombshell on credential-based security. 

The Year-Long LastPass Dual Breach 

In August 2022, LastPass released a report of a small-scale security incident. Notifying consumers of the breach, LastPass reassured them that no consumer data had been accessed. Certain LastPass credentials had been stolen during the first attack, but these were encrypted – from the organization’s perspective, there was no way the threat actor had access to the necessary decryption keys. It was acknowledged that the attack likely gave the malicious actor further insight into the company’s internal development documentation. One such piece of information was that only four – highly senior – DevOps engineers held access to the password vaults’ decryption keys.

Delving deeper into August’s breach, recent analysis found one key oversight in the initial report: the attackers had also compromised a DevOps engineer’s home computer. This device had a number of apps installed, one of which was the media software Plex. According to Ars Technica, Plex granted the attackers a key foothold via a remote code execution bug; they used this to install a keylogger on the DevOps engineer’s home laptop. From there, the attacker was free to capture the employee’s login credentials as they were typed.

Once the master password of this senior DevOps engineer’s account was stolen, the attackers could freely access the engineer’s corporate vault. This shared vault contained a smorgasbord of access and decryption keys for AWS-hosted backups. Between August and October 2022, data was continuously stolen from the company’s Amazon S3 buckets. Because the exfiltration ran through a legitimate employee account, the malicious activity was difficult to distinguish from normal use. Eventually, in December, the company discovered the attacker when they attempted to use the account for unauthorized activity.

How Credentials Need to Keep Pace

The attackers knew that attempting to attack the highly-reinforced on-premises servers would be a waste of time and resources. A remote workforce, however, requires a completely new approach to credentials that LastPass failed to implement in time. This became the perfect gap for a complex attack path.

Firstly, organizations need to recognize the increasing interconnectedness of today’s developers. Solutions such as Snyk, a partner of GlobalDots, allow security to keep pace with development by monitoring open-source and third-party vulnerabilities. Built on a comprehensive vulnerability database, Snyk integrates with existing dev workflows and automatically patches vulnerabilities and license violations across open-source dependencies and container images. Read more about best practices for securing AWS workloads here.

While developers and the workforce enjoy increased protection, all employee accounts can benefit from account access reinforcement. Okta, another GlobalDots partner, provides fast and flexible access to compute resources while doing away with traditional static credentials. The LastPass breaches have proven that traditional credentials hold all the privilege – Okta changes this with dynamic, single-use credentials and keys that prevent the abuse of risky static credentials.

Automated evaluation of each login’s context reinforces next-gen workforce IAM, while simplified lifecycle management tools allow the automated provisioning of access as the employee base changes over time.

Following the year-long breach, LastPass has upgraded its security by rotating high-privilege credentials and re-issuing any certificates gained by the attacker. Extra S3 hardening protocols are now in place, with logging and alert functions allowing for initial visibility into account infrastructure. 
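As an added illustration of the kind of S3 logging and alerting this paragraph refers to (example code written for this article, not LastPass’s actual controls): a small baseline-and-alert check over constructed CloudTrail-style S3 GetObject events. It flags a known identity that downloads from buckets it never touched before, from a new source IP, or at many times its usual daily volume – the pattern the breach timeline describes as being hard to tell apart from legitimate use. Field names, thresholds and the sample events are assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean

# Constructed CloudTrail-style S3 GetObject events, flattened to the fields
# the check needs (sample data for this example, not real telemetry).
SAMPLE_EVENTS = [
    {"day": 1, "user": "devops-a", "ip": "203.0.113.10", "bucket": "backups-prod", "bytes": 5_000_000},
    {"day": 1, "user": "devops-b", "ip": "203.0.113.11", "bucket": "backups-prod", "bytes": 5_000_000},
    {"day": 2, "user": "devops-a", "ip": "203.0.113.10", "bucket": "backups-prod", "bytes": 4_000_000},
    {"day": 3, "user": "devops-a", "ip": "203.0.113.10", "bucket": "backups-prod", "bytes": 6_000_000},
    # Day 4: the same valid identity, but a new source IP, new buckets and a volume spike.
    {"day": 4, "user": "devops-a", "ip": "198.51.100.7", "bucket": "backups-prod", "bytes": 5_000_000},
    {"day": 4, "user": "devops-a", "ip": "198.51.100.7", "bucket": "vault-keys", "bytes": 800_000_000},
    {"day": 4, "user": "devops-a", "ip": "198.51.100.7", "bucket": "customer-vaults", "bytes": 900_000_000},
    {"day": 4, "user": "devops-b", "ip": "203.0.113.11", "bucket": "backups-prod", "bytes": 5_000_000},
]

def build_baseline(events, baseline_days):
    """Per identity: mean daily bytes plus the source IPs and buckets seen on baseline days."""
    daily = defaultdict(lambda: defaultdict(int))
    ips, buckets = defaultdict(set), defaultdict(set)
    for e in events:
        if e["day"] in baseline_days:
            daily[e["user"]][e["day"]] += e["bytes"]
            ips[e["user"]].add(e["ip"])
            buckets[e["user"]].add(e["bucket"])
    return {u: {"mean_bytes": mean(d.values()), "ips": ips[u], "buckets": buckets[u]}
            for u, d in daily.items()}

def detect_anomalies(events, baseline, day, volume_factor=5):
    """Alerts for one day: unseen IP, unseen bucket, no baseline, or bytes > factor x mean."""
    alerts, per_user_bytes = set(), defaultdict(int)
    for e in events:
        if e["day"] != day:
            continue
        b = baseline.get(e["user"])
        if b is None:  # identity with no history at all: always worth a look
            alerts.add((e["user"], "no_baseline"))
            continue
        per_user_bytes[e["user"]] += e["bytes"]
        if e["ip"] not in b["ips"]:
            alerts.add((e["user"], f"new_ip:{e['ip']}"))
        if e["bucket"] not in b["buckets"]:
            alerts.add((e["user"], f"new_bucket:{e['bucket']}"))
    for user, total in per_user_bytes.items():
        if total > volume_factor * baseline[user]["mean_bytes"]:
            alerts.add((user, "volume_spike"))
    return sorted(alerts)
```

Running `detect_anomalies(SAMPLE_EVENTS, build_baseline(SAMPLE_EVENTS, {1, 2, 3}), day=4)` raises four alerts for devops-a and none for devops-b, whose day-4 access matches its baseline.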

For now, LastPass recommends that all users change not only their master passwords but every password stored in their vaults, to limit the blast radius of follow-on account takeover attacks.

Secure your workforce IAM and work environment with GlobalDots. We provide comprehensive security solutions for any stack, ensuring your organization’s protection – contact us now.
