After another high profile security incident with a company that allows you to store all of your passwords inside a password vault, has the time come to ensure that your employees are not using their home systems and WiFi network to access your business data?
LastPass, has revealed a major data breach in December 2022 where encrypted password vaults were compromised, has disclosed that the breach occurred due to a second attack launched by the same threat actor against its systems as a breach earlier in the year.
The company said one of its DevOps engineers had their personal home computers breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers.
From 12th August 2022 to 26th October 2022, the second attack targeted the company’s infrastructure, resources and one of its employees. The attackers accessed source code and proprietary technical information from its development environment via an employees compromised account.
LastPass disclosed in December 2022 that the attacker had used the stolen data to breach a cloud based storage environment and obtain “certain elements of LastPass’ customer information”.
The company has also revealed that the unknown attacker had accessed a backup of customer vault data, which was protected by 265-bit AES encryption. LastPass has not disclosed the age of this backup.
According to LastPass, the attacker used a series of reconnaissance enumeration aimed at its cloud storage service. “Specifically, the attacker was able to use valid credentials that have been stolen from a senior DevOps engineer to access a shared cloud storage environment. LastPass have said that the engineer had access to the decryption keys needed to access the cloud storage service.
The employee in question has had their passwords siphoned by targeting the employees home computer systems using a vulnerable third-party media software package to achieve remote code execution and plant some key logger software.
If you currently have a subscription to LastPass, you are encouraged to change your master password for the account, work through all the passwords that you have in your password vault and make changes to all passwords that you have stored.
Do you ensure that your remote workers are protected at home? Do they have a dedicated home network that they have no access credentials, that sits on their home network and only allows them to connect to your business systems via their dedicated work computer, and they do not know the WiFi passwords to connect other devices?
This type of network can only be made available during their working hours, so when they should not be working, they have no access to your business data and/or systems.
If you are concerned about the levels of access that your employees have to your data at home, or would like to discuss options on how remote workers can have improved security when working remotely, please contact a member of our support team today.