While the method through which the attacker was able to compromise a LastPass developer's endpoint to access the Development environment is inconclusive, the investigation found that the threat actor was able to impersonate the developer after he "had successfully authenticated using multi-factor authentication." After analyzing source code and production builds, the company has also found no evidence that the attacker tried to inject malicious code. This is likely because only the Build Release team can push code from Development into Production, and even then, Toubba said the process involves code review, testing, and validation stages. Additionally, he added that the LastPass Development environment is "physically separated from, and has no direct connectivity to" LastPass's Production environment. The company says it has since "deployed enhanced security controls including additional endpoint security controls and monitoring," as well as additional threat intelligence capabilities and enhanced detection and prevention technologies in both Development and Production environments.