
LastPass Multi-Breach Attack Demands Heightened Data Security

by Steven Brown

Supply chain attacks defined the security landscape throughout 2021 and 2022, and the coming year looks no different, with attackers taking aim at the components that modern authentication depends on. Password managers have become vital to that landscape: they let a person use a strong, unique password for each of the dozens of accounts they hold. That same role makes them an even greater target for cybercriminals, and it is forcing the security fabric around them to tighten.

Password Managers: A Necessary Evil?

The password problem is a major driver of continued account takeover attacks. The average person has to manage the credentials for over 100 different accounts, and the constant demands of account creation, from insurers to clothing retailers, have produced a ballooning attack surface. Faced with remembering the login details for so many accounts, many people choose passwords that are easy to remember; nothing frustrates a user more than a misremembered password. Once a memorable password has been chosen, it tends to be reused across the user’s accounts and becomes part of the habitual login routine, so a single leaked credential database exposes every account that shares it.

This widespread reuse has driven the growing demand for password managers. By removing the need to remember each account’s credentials, users can finally keep a unique, random password per site, which is what blunts brute force and credential stuffing: a password stolen from one service no longer opens any other. Password managers such as LastPass store login details in an encrypted vault; the vault is decrypted on the user’s device with a key derived from the master password, and when the user logs in to a linked site the matching username and password are pulled from the vault and filled into the login form.

The important role that password managers now hold within the authentication landscape makes them a prime target for cybercriminals. Their vast stores of credentials are incredibly alluring: the customer data involved could be worth millions in illicit profit.

The LastPass Double Breach

In August 2022, LastPass disclosed a security incident. At the time, the password manager heavyweight stated that no customer data had been affected and that the attacker had not reached encrypted password vaults. After a lengthy analysis, LastPass concluded that the attacker had access to its development environment for a total of four days. The entry point was a single compromised developer endpoint: malware on the developer’s machine gave the attacker a foothold, and once the developer had authenticated to the development environment, the attacker was able to impersonate that developer and follow them in. From there, the attacker took portions of source code and some proprietary technical information. LastPass presented the event as contained, with no impact on customers.

In November, however, LastPass suffered a second breach that did affect customer data. In a blog post on the event, LastPass stated that an investigation was under way, but that it was already clear the information taken in the August incident had been used to enable this latest attack. A third-party cloud storage service used by the company, which it shares with its affiliate GoTo, was named as a key component of the incident; few other details were released.

Vitally, according to what LastPass had disclosed at the time of writing, neither breach directly compromised customer passwords or master credentials. That is down to LastPass’ zero-knowledge architecture: every password vault is fully encrypted, and the key that decrypts it is derived from the user’s master password on the user’s own device, so LastPass never holds it. A copied vault is therefore only ciphertext; the only route in is to guess the master password and repeat the key derivation for every guess, which makes the strength of the master password and the key-derivation iteration count the deciding factors.

Overall, the true impact of the latest breach remains speculative: LastPass has not yet disclosed which customer data was accessed, nor whether any of it was exfiltrated. The potential for a major incident is not baseless, though: LastPass’ customer base spans 33 million users and over 100,000 businesses. Even if nothing as critical as passwords was stolen, any personally identifiable information caught up in the breach can have severe ramifications for affected customers, not least as raw material for convincing phishing attempts.

How Customer Data Security Can be Maintained

LastPass’ zero-knowledge design, in which the vault is only ever decrypted on the user’s device, may have prevented the direct compromise of passwords, but the same assumption that the storage layer can be breached needs to drive data governance across the whole of a modern organization. With the right data security tooling in place, it becomes possible to maintain a comprehensive view of protected data and shut down risks before an exfiltration occurs.

A solid data security solution starts with discovering and classifying all data, whether structured, semi-structured or unstructured, which gives visibility even into ungoverned data that nobody has inventoried. With that enterprise-wide inventory, it becomes possible to implement access policies and to monitor consistently who is accessing sensitive data and what they are doing with it. Once that layer is in place, the security fabric can detect anomalous behaviour and signal attempted data exfiltration, and can also detect related causes for concern such as privilege escalation and suspicious account behaviour.

Because next-gen security focuses on data and account behaviour rather than on every event, it reduces false positives and lets the security team cut through the noise. Fewer tickets barraging the team means faster response, which in turn means faster time to resolution and less risk to both non-production and production environments.
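As an added example of the classification-then-monitoring loop described in the last two paragraphs (written for this page, not taken from any product), the following Go program classifies a small constructed data store, then runs a constructed access log through a role-based policy and a per-user volume baseline, alerting only on sensitive data so that ordinary reads generate no ticket. The labels, the regular expressions, the role policy, the baseline of two sensitive reads, and every record and log line are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Classification labels assigned at discovery time (assumed scheme).
const (
	Public = "public"
	PII    = "pii"    // e-mail addresses and similar identifiers
	Secret = "secret" // credentials, keys
)

var (
	emailRe  = regexp.MustCompile(`[\w.+-]+@[\w-]+\.[\w.]+`)
	secretRe = regexp.MustCompile(`(?i)(password|api[_-]?key|secret)["']?\s*[:=]`)
)

// classify is the discovery step: label one record by what it contains.
func classify(record string) string {
	switch {
	case secretRe.MatchString(record):
		return Secret
	case emailRe.MatchString(record):
		return PII
	default:
		return Public
	}
}

// AccessEvent is one line of an access log: who, in what role, read which object.
type AccessEvent struct{ User, Role, Object string }

// allowed is the access policy: which roles may read which classes of data.
var allowed = map[string]map[string]bool{
	"support":  {Public: true, PII: true},
	"engineer": {Public: true},
	"admin":    {Public: true, PII: true, Secret: true},
}

// Detect classifies the store, then runs every event through the policy and a
// per-user volume check. maxSensitive is the baseline: more sensitive reads
// than this by one user looks like bulk collection, not a support ticket.
func Detect(store map[string]string, log []AccessEvent, maxSensitive int) []string {
	labels := make(map[string]string, len(store))
	for name, content := range store {
		labels[name] = classify(content)
	}
	var alerts []string
	sensitiveReads := map[string]int{}
	for _, e := range log {
		class, known := labels[e.Object]
		if !known { // ungoverned data: never inventoried, so treat it as the most sensitive class
			alerts = append(alerts, fmt.Sprintf("inventory: %s read unclassified object %s", e.User, e.Object))
			class = Secret
		}
		if !allowed[e.Role][class] {
			alerts = append(alerts, fmt.Sprintf("policy: %s (%s) read %s object %s", e.User, e.Role, class, e.Object))
		}
		if class != Public {
			sensitiveReads[e.User]++
			if sensitiveReads[e.User] == maxSensitive+1 { // alert once, when the baseline is first exceeded
				alerts = append(alerts, fmt.Sprintf("volume: %s exceeded %d sensitive reads", e.User, maxSensitive))
			}
		}
	}
	return alerts
}

// SampleStore and SampleLog are constructed inputs, not real data.
func SampleStore() map[string]string {
	return map[string]string{
		"tickets/1001":       "customer jane.doe@example.com cannot log in",
		"tickets/1002":       "customer raj@example.org asks for an invoice copy",
		"tickets/1003":       "customer lee@example.net reports a slow app",
		"deploy/notes.txt":   "release 2.3 shipped to eu-west",
		"backups/vault.json": `{"db_password": "placeholder-value"}`,
	}
}

func SampleLog() []AccessEvent {
	return []AccessEvent{
		{"alice", "support", "tickets/1001"},
		{"bob", "engineer", "deploy/notes.txt"},
		{"bob", "engineer", "backups/vault.json"}, // engineers may not read secrets
		{"mallory", "support", "tickets/1001"},
		{"mallory", "support", "tickets/1002"},
		{"mallory", "support", "tickets/1003"},   // third PII read: above the baseline
		{"carol", "admin", "scratch/export.csv"}, // object was never classified
	}
}

func main() {
	for _, a := range Detect(SampleStore(), SampleLog(), 2) {
		fmt.Println(a)
	}
}
```

The three alerts it produces map to the three concerns above: a policy violation (an engineer reading a credential file), a volume anomaly (one support user sweeping through PII records), and ungoverned data (an object that was never inventoried, treated as the most sensitive class until someone classifies it). Reads of public data never generate an alert at all, which is where the false-positive reduction comes from.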

Ultimately, data at scale is one of today’s largest security challenges. Enterprises continue to battle the sheer quantity of data swamping DevSecOps and clogging up traditional security tooling. Next-gen security puts the data itself at the centre, with automation easing the burden of those data demands.


@2022 – Businesspara – Designed by Techager Team