- This topic has 5 replies, 6 voices, and was last updated 1 year, 6 months ago by Tanatorn Tilkanont.
2022-09-20 at 11:48 pm #38207 Tanyawat Saisongcroh Participant
1. Provide a brief description of the story.
In early August 2022, LastPass, a password manager browser extension, detected unusual activity and discovered that an unauthorized party had stolen portions of source code and some proprietary technical information. Fortunately, the cybercriminal did not manage to access the master passwords of its 25 million customers.
2. What is/are the impact of this data breach? Consequences of the data breach.
Luckily, there has been no evidence that the breach involved access to any customer data or encrypted password vaults. Only part of the source code from the developer environment was accessed, and there is no evidence of attempts at code poisoning or malicious code injection. The company designed software systems to operate separately from the production side. However, this disclosure impacted the password manager services.
3. How did the data breach occur?
The investigation found the threat actor accessed a single compromised developer endpoint. They utilized their access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.
4. What should be the main cause of the data breach?
Malware is possibly the main cause.
5. How could you prevent this data breach attack?
This incident showed that even an IT developer himself/herself could have been attacked. The company then hired a leading cybersecurity firm and deployed enhanced security controls, including additional endpoint security control and monitoring. So, basically, we should increase awareness and practice the safeguards of endpoint security, such as email security, data encryption, MAC address filtering, antivirus software, firewall, use of HTTPS browser and application controls. Additionally, for those users, there are password manager best practices provided by NIST: choose a long passphrase for the master password; create unique passwords for all accounts, or use the capability of most program managers to generate random, unique, complex passwords for each account and also complex, random text answers to online security questions; avoid password managers that allow recovery of the master password; and lastly, use multi-factor authentication.
-
2022-09-22 at 9:09 pm #38245 Boonyarat Kanjanapongporn Participant
Thank you for sharing. This data breach is very interesting and challenging for management.
I agree with your suggestion on endpoint management, which is possibly the easier point for intruders to break into the system. Moreover, I would suggest rechecking software security for vulnerable points such as security bugs, which could allow the attacker to get into the system.
Thank you.
-
2022-09-24 at 2:01 am #38298 SIPPAPAS WANGSRI Participant
This is a very interesting situation! Even a security company can be hacked and this, of course, can be a main target for attackers. Luckily they could detect unusual activity in time. This clearly showed us that even multi-factor authentication can also be compromised by impersonation. I wonder how the hacker could access the other authentication method, so it might have been caused by a stolen password somehow. If malware really is the case, then regularly updating the antivirus definitions and firewall rules might be your best bet.
-
2022-09-24 at 4:07 pm #38307 Saranath Keymaster
Thanks for sharing. Closely monitoring the system is also important. Luckily, they could detect this incident early and it did not cause serious consequences.
-
2022-09-24 at 4:29 pm #38310 Hazem Abouelfetouh Participant
Thank you Tanyawat for sharing and the excellent ideas. It is interesting how the hacker got access once the developer successfully authenticated using multi-factor authentication! I think the system should detect if one user accessed the system from two different locations, especially at the same time.
-
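The check suggested in the reply above, flagging one user who is active from two locations at the same time, sketched as an added example that is not part of the thread or of any LastPass tooling. It assumes a hypothetical log format (timestamp, user, session id, source IP) and treats the source IP as the location; all sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the incident): time, user, session id, source IP.
SAMPLE_LOG = """\
2022-08-01T09:00:05Z dev1 s-100 203.0.113.10
2022-08-01T09:01:40Z dev2 s-200 198.51.100.7
2022-08-01T09:03:12Z dev1 s-100 203.0.113.10
2022-08-01T09:04:30Z dev1 s-100 192.0.2.55
2022-08-01T09:05:02Z dev1 s-100 203.0.113.10
2022-08-01T11:30:00Z dev2 s-201 198.51.100.99
"""

def parse(line):
    ts, user, session, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, session, ip

def find_concurrent_sources(log_text, window=timedelta(minutes=10)):
    """Return alerts where one user is active from two source IPs within `window`.

    'same-session' means both IPs presented the same session id, which is what
    reuse of an already-authenticated (post-MFA) session looks like in logs.
    'new-session' means a second login from another IP inside the window.
    """
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # user -> (ts, session, ip) entries still in window
    seen = set()                 # de-duplicate alerts per (user, IP pair, kind)
    alerts = []
    for ts, user, session, ip in events:
        q = recent[user]
        while q and ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        for _, old_session, old_ip in q:
            if old_ip == ip:
                continue
            kind = "same-session" if old_session == session else "new-session"
            key = (user, frozenset((old_ip, ip)), kind)
            if key not in seen:
                seen.add(key)
                alerts.append({"user": user, "kind": kind,
                               "ips": sorted((old_ip, ip)),
                               "first_seen": ts.isoformat()})
        q.append((ts, session, ip))
    return alerts

if __name__ == "__main__":
    for alert in find_concurrent_sources(SAMPLE_LOG):
        print(alert)
```

A real deployment would map IPs to networks or regions before comparing, since VPN and mobile users change addresses legitimately.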
2022-10-04 at 6:06 pm #38512 Tanatorn Tilkanont Participant
Interesting! I agree with your prevention method of data breach attacks. Moreover, I would suggest having a regular cybersecurity test and identifying system vulnerabilities. The weakest point is a target point for the attacker. Thank you for sharing.
-