U.S. Marshals Hit with Ransomware Attack; LastPass Continues Damage Control
It’s been a tough week for people we’d hope would know better about cybersecurity.
The breach at LastPass, disclosed in December, is still reverberating in the organization and among its users. Now, the company has released additional information on a second attack in which the threat actor was pulling data off the AWS servers for more than two months.
Perhaps the most painful part of it all – the vulnerability came from a breach of a senior DevOps engineer’s home computer, via a keylogger that was installed through a remote code execution vulnerability, according to Bleeping Computer.
LastPass confirmed the account in a blog post: “This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”
Next, hackers hit the U.S. Marshals system in mid-February in a ransomware attack, according to a spokesman for the service. The U.S. Marshals Service is a division of the Department of Justice and, according to the New York Times, is responsible for the protection of judges, transportation of federal prisoners and the operation of the federal witness protection program.
The Times indicated that witness data was not breached, but that the hackers were able to access information on sought-after fugitives.
Per their reporting, the affected system “contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of U.S.M.S. investigations, third parties and certain U.S.M.S. employees,” Mr. Wade said in an email to the NYT.