LastPass Breach and Managing Remote Employees: How to stop a similar breach from happening to you
Yet another development has sprung from the recent LastPass breach saga. This time, encryption keys for customer vault backups were stolen from a senior DevOps engineer, one of only four employees with access to them, by exploiting a remote code execution vulnerability in third-party software installed on the engineer's home computer.
LastPass threat actor leapfrogs from breach one to breach two
Despite the link between the two attacks, LastPass Support reports, “It was not initially obvious that the two incidents were directly related [...] The threat actor pivoted from the first incident, which ended on August 12, 2022, but was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from August 12, 2022, to October 26, 2022.
The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources.”
Before we assess the big picture of how to work remotely while maintaining secure endpoints, there is a specific action you should take if you are currently a LastPass user: change your master password and every password stored in your LastPass vault. It remains unclear whether the threat actor can access those passwords, but it is better to be safe than sorry.
How to secure endpoints while working remotely
This recent development brings to the surface a significant weakness that has become more prevalent since COVID accelerated the shift to hybrid and remote work. Endpoints outside the office network, and the third-party software installed on them, present a significant gap in organizations' IT and security posture today, and that is unlikely to change.
It’s no surprise the shift to remote work has seen an acceleration of cyberattacks on remote devices. According to the 2023 State of IT Operations report, in which we surveyed nearly 500 IT professionals, “Endpoint management remains complex. 55% of organizations do not feel they are managing their endpoints very efficiently.”
To operate securely, organizations now have more to contend with: their attack surface reaches well beyond the corporate walls. So how do you keep your remote endpoints, and the software installed on them, secure from vulnerabilities?
Ask yourself the following questions to make sure your IT team’s strategy for keeping distributed endpoints up to date and secure is on solid ground.
Can you secure your org’s endpoints without a VPN?
VPN-free endpoint management is not only possible, it is essential. If your patch management strategy depends on a VPN, you are behind the curve. Why? Legacy patching platforms only update systems and software that are connected to the corporate VPN.
VPNs cannot always handle the volume of remote traffic, and distributed users may simply avoid connecting to the corporate network so they can skip the painfully slow process of pulling updates over a slow connection.
Cloud-native endpoint management solutions seamlessly update and patch any corporate endpoint that’s connected to the internet, which means users are always current with patches and configurations.
Can you slam the door as soon as a new vulnerability is announced?
Threat actors can weaponize vulnerabilities in a matter of hours; the LastPass breach is the evidence. The moment a new vulnerability is disclosed or exploit code is released, it becomes an urgent race to patch faster than your adversaries can scan and exploit.
Your org must be able to remediate critical and zero-day vulnerabilities within 72 hours of their announcement. VPN-based patching solutions will not let you remediate fast enough, but tools such as automated vulnerability remediation can.
Can you automate patch management on endpoints not connected to your corporate network?
When endpoints are not connected to your network, it is hard to see which software titles are installed on them, which are outdated, and which are susceptible to attack.
Unpatched laptops undermine proper cyber resilience practices, and the problem grows with the number of remote workstations you manage. So how do you eliminate this threat? Automate and customize OS and third-party application updates and patches.
Can you identify and patch third-party software?
According to the CRA Third-Party Risk in the Era of Zero Trust survey, 67% of surveyed IT professionals experienced significant increases in third-party-related security events in 2021.
Managing configurations across third-party platforms, multiple operating systems, and remote endpoints remains a struggle for VPN-dependent patch platforms.
If you can stay ahead of attackers across OS platforms, tap into streamlined third-party patching support, and secure remote endpoints from a single VPN-free console, you will be better protected and your endpoints will stay secure.
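The two questions above boil down to a single check an IT team can run over its inventory: which third-party titles on each endpoint are below the patched version, how long each has been exposed since the advisory, and whether the 72-hour target is already missed. The script below is an added example, not code from the original post or from any vendor platform; the endpoints, titles, versions and advisory times are constructed sample data, and the version comparison assumes plain dotted numeric versions.

```python
from datetime import datetime, timedelta, timezone

REMEDIATION_SLA = timedelta(hours=72)   # the 72-hour target from the article


def version_key(version: str) -> tuple:
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def outdated_titles(installed: dict, minimum_versions: dict) -> list:
    """Titles on one endpoint whose version is below the patched (minimum) version."""
    return sorted(title for title, ver in installed.items()
                  if title in minimum_versions
                  and version_key(ver) < version_key(minimum_versions[title]))


def exposure_report(endpoints: list, minimum_versions: dict,
                    advisories: dict, now: datetime) -> list:
    """One row per (endpoint, outdated title): hours exposed since the advisory,
    whether the SLA is breached, and whether a VPN-only patcher could even reach it."""
    rows = []
    for ep in endpoints:
        for title in outdated_titles(ep["installed"], minimum_versions):
            exposed = now - advisories[title]
            rows.append({
                "host": ep["host"],
                "title": title,
                "hours_exposed": round(exposed.total_seconds() / 3600),
                "sla_breached": exposed > REMEDIATION_SLA,
                "reachable_by_vpn_patching": ep["on_vpn"],
            })
    return rows


# Constructed sample data (hypothetical titles, not a real inventory or real advisories).
NOW = datetime(2023, 3, 6, 12, 0, tzinfo=timezone.utc)
ADVISORIES = {"ExampleApp": NOW - timedelta(hours=80),   # published 80 h ago: SLA missed
              "OtherTool": NOW - timedelta(hours=10)}    # published 10 h ago: still in window
MINIMUM_VERSIONS = {"ExampleApp": "4.2.1", "OtherTool": "2.0.0"}
ENDPOINTS = [
    {"host": "hq-laptop-01",   "on_vpn": True,  "installed": {"ExampleApp": "4.2.1", "OtherTool": "1.9.3"}},
    {"host": "home-laptop-07", "on_vpn": False, "installed": {"ExampleApp": "4.1.0", "OtherTool": "2.0.0"}},
    {"host": "home-laptop-12", "on_vpn": False, "installed": {"ExampleApp": "3.9.8", "OtherTool": "1.8.0"}},
]

if __name__ == "__main__":
    for row in exposure_report(ENDPOINTS, MINIMUM_VERSIONS, ADVISORIES, NOW):
        print(row)
```

In the sample data every SLA breach sits on a remote laptop that a VPN-only patcher would never reach, which is exactly the gap the article describes.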
For more tips on how to secure your endpoints while working remotely, check out Remote Work – The Technological and Political Shifts. You’ll see some of the questions above as well as a lot more intel about protecting your org from RCEs and other vulnerabilities while working remotely.
We provide a 100% cloud-native IT endpoint operations platform for modern organizations. As a comprehensive endpoint management platform, it offers advanced software management for patch management, adding, removing, and updating software, and changing and configuring settings, along with policy management on any device or operating system, anywhere in the world, at any time. With the push of a button, IT administrators can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in the day.