LastPass Labs is the content hub for the Threat Intelligence, Mitigation and Escalations (TIME) team at LastPass. Our focus is in-depth analysis of the latest security developments, a keen eye toward forward-looking tech, and unique threat perspectives.

While ransomware may continue to dominate the headlines, an insidious form of malware known as infostealers (short for information-stealing malware) is actually far more common, impacting everything from major corporations to individual home computers. Infostealers target sensitive information on infected systems, including passwords, crypto wallets, session cookies, financial details, and other personal data for quick exfiltration back to the threat actor.

Many infostealers are offered for sale as a “malware-as-a-service (MaaS),” in which criminals can purchase a subscription (often for several hundred dollars a month) for access to the malware for their own targeting and use, while maintenance and hosting of the malware remains in the hands of the developer offering it for sale. This helps lower the technological barrier to entry for cybercriminals, leading to the rapid expansion of infostealers as a broader cyber threat.

Victims can be infected via several methods, including phishing emails, visiting an infected website, or through fraudulent apps. Once a computer or network has been infected, the malware will execute, seeking to rapidly identify and exfiltrate critical information (including, when possible, LastPass master passwords) from browsers and other important folders. Threat actors will then either use this data to gain access to sensitive accounts themselves, or repackage the information for sale on markets, forums, or other criminal sites.

Prices currently average approximately $10 per log and there are millions of logs available for sale at any given time, demonstrating the widespread and commonplace nature of the infostealer threat. These logs include credentials and other sensitive information from victims ranging from multinational corporations to small businesses to individual personal accounts stolen from a home computer.

To start, as part of our efforts to increase our security capabilities, LastPass has invested substantially in our cyber threat intelligence program. This includes building a dedicated Threat Intelligence, Mitigation, and Escalation (TIME) team, greatly expanding our threat intelligence monitoring and alerting by leveraging open source and proprietary reporting, and proactively monitoring deep and dark web sources for malicious activity. We’re also operationalizing this intelligence by automating its integration with our detection and response and vulnerability management teams, allowing for a quicker mitigation time.

As expected, master passwords are highly valued within the infostealer community given the potential to gain access to a customer’s vault and its sensitive data and passwords.

Finally, we have developed a dedicated and focused process for monitoring for and alerting on exposed customer credentials for customers opting into dark web monitoring.

While there are dozens of infostealers available, LastPass is tracking three malware strains that commonly advertise LastPass customer credentials for sale:

- Redline: This MaaS stealer has been available since 2020 and is among the most common.
- Raccoon: Variations of this stealer have been available since 2019.
- Vidar: Available since at least 2018, this stealer is also able to take screenshots.

LastPass is taking important steps to protect our customers’ credentials. We have recently expanded our dark web monitoring to include monitoring infostealer logs and other sources for potential LastPass customer credentials.