The platform says the attack was carried out primarily by logging an employee's keystrokes. (release)
After the attack last December, LastPass released details of how the threat emerged, which unfolded in two parts and “put certain elements of our customers’ information at risk.”
This platform is one of the most important in password management, which makes a leak of user information a serious problem, since cybercriminals had access to encrypted password stores.
Two months after the attack, the company revealed how the situation occurred and said it had improved its security posture by rotating critical and high-privilege credentials, in addition to strengthening the cloud service to generate alerts and logs.
The company said the whole incident started with an attack on one of its DevOps engineers, whose personal computer was hacked and infected with a keylogger as part of a cyber attack.
From there, the attackers managed to extract sensitive data from the company's Amazon AWS cloud storage servers.
“The threat actor took advantage of information stolen in the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a second coordinated attack,” the company said in breaking down the situation.
The first part took place in August 2022, when cybercriminals obtained source code and technical information through the affected employee’s account.
Then, in December 2022, the actor used the stolen information to break into a cloud-based storage facility and obtain “certain elements of our customer information.”
The threat didn’t stop there, as the same month an attacker obtained a backup copy of data from a client’s vault, although the company did not specify how recent this backup was.
The attack's reach would also have extended to GoTo, the parent company of LastPass, which confirmed that unauthorized third-party access to cloud storage also occurred in January.
Much of the damage was possible because the attacker took the employee's passwords from his computer and implanted software to record the keys he typed.
The recommendation for all LastPass users is to change their master password and all the passwords stored in their vaults, to avoid unauthorized access to the various platforms connected to this service.
As companies find solutions to attacks, cybercriminals develop new techniques to overcome these barriers and become more difficult to detect. An example is a new modality called triple extortion ransomware.
In this modality, attackers seek money not only from organizations but from any party that may be involved. This is because companies have reached a high level of defense and can recover stolen data without paying a ransom.
For example, if a company restores its information and does not pay the requested money, attackers can escalate to blocking services, affecting users or associated organizations.
Typically, ransomware has three layers of operation. The first is data encryption, where the leverage is recovering the information. If that doesn’t work, the attackers threaten to expose sensitive data. Now a third layer has been added: pressure through calls, emails or distributed denial of service, which crashes a website or platform so that it doesn’t work.