Cert-In warns of LastPass-like cyber attack in India: View details


India’s cyber security team, the Indian Computer Emergency Response Team (Cert-In), has warned Internet users in India about a host of cyber attacks targeting their LastPass accounts. The agency said that the malicious actors behind the LastPass data breach are using various techniques such as phishing, credential stuffing and brute force to collect data from LastPass users in India.

The cyber-security response team said in its advisory that the actors responsible for the LastPass data breach gained access to source code and technical information from the utility’s developer environment in order to target users. The hackers reportedly used information copied from a backup that included basic customer account information and associated metadata about users accessing the password manager service, i.e. LastPass.

“The data backed up from the encrypted storage container was stored in binary format, containing unencrypted data (website URLs) as well as encrypted sensitive fields such as website username and password, secure notes and form-fields,” the agency wrote in its advisory.

“For successful execution, the threat actor could target users with a potentially brute force attempt to guess the master password, or conduct phishing, credential stuffing and brute force attacks against online accounts associated with the password manager utility,” the agency said.

It’s worth noting that Cert-In’s advisory comes nearly a week after LastPass admitted that hackers were able to “make a backup copy of customer Vault data” in a recent data breach. “The threat actor copied information from the backup including original customer account information and company names, last user names, billing addresses, email addresses, telephone numbers and IP addresses from which customers were accessing the LastPass service,” the company wrote in its blog post.

Apart from warning users about the cyber attack, the security agency also shared several tips for users to stay safe online. Here’s what the agency said…

How to protect yourself from cyber attack

  • Change your password every 60-90 days on user level accounts.

  • Always use a strong password with a combination of letters (both uppercase and lowercase), numbers and special characters. This will reduce the potential for successful brute force password guessing.

  • Never reuse the master password on other websites.

  • Do not browse untrusted websites or click on untrusted links and be careful while clicking on links provided in any unsolicited emails and SMS.

  • Click only on URLs that clearly indicate the website domain.

  • In case of doubt, users can directly search the websites of the organization using the search engine.

  • Keep your personal information private.

The post Cert-In warns of LastPass-like cyber attack in India: Check details appeared first on BGR India.
