As many of you are already aware, LastPass recently confirmed in a tweet that they had “detected unusual activity within portions of the LastPass Development environment…”. Whilst LastPass will take great pains to point out that no customer data was directly stolen, I’m still very surprised at how well they have managed to contain the fallout. It seems they have neatly skirted the real issue and the market has graciously let them get away with it… again.

Supply Chain Attacks are where “Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components.” How do you think those cybercriminals manage to “tamper” with the distribution of a product or service? Yep, an attack like LastPass, where they “discovered” that an unauthorised user had stolen portions of the source code and some proprietary technical information, is often the start, not the finish, of an attack.

Also keep in mind IBM’s report, which cites that the average time from breach to containment is 287 days. LastPass discovered the breach after detecting unusual activity in early August. So how long had the attackers been inside their systems already? How long have they had to plan and execute a variety of actions…theft, infiltration, vulnerability research? Can LastPass guarantee their platform isn’t already compromised? Can they guarantee that these recent actions will not result in further attacks and vulnerabilities?

I’m not going to suggest this means LastPass WILL be breached in a Supply Chain Attack.