Lessons from LastPass: The time when BYOD became BYOB (bring your own breach)

Picture this: It’s a regular WFH day, but you are unaware of a hacker sitting in some basement, rubbing their hands together in glee as they receive every keystroke you make on your keypad. Before you know it, they have accessed your company’s data and caused a massive data breach! But wait, it gets worse. You find out that the breach could have been prevented if you simply updated your laptop’s software. Talk about a bad day at work!

Unfortunately, for LastPass and its users, this nightmare became a reality in August 2022 when a developer account was compromised. This led to a series of events that ultimately led to the exposure of sensitive customer data.

A hacker exploited an employee to access the company’s data. But get this: the hacker exploited a three-year-old vulnerability that wasn’t patched. That’s like leaving your front door wide open for three years and being surprised when a burglar walks right in!

LastPass is one of the world’s most popular password management solutions. The incident serves as a reminder that no one is immune from security breaches.

How did it come to this?

1. The LastPass network was compromised on August 2022, with portions of source code and technical information details taken from the network.

2. At first, it was reported that the breach had been contained. But little did LastPass know, it had only applied a band-aid solution.

3. In November 2022, things went from bad to worse when an unknown threat actor was discovered to have accessed LastPass’ storage environment and encrypted password vaults using info taken from the August incident.

4. Aside from revealing secrets about the application’s architecture, it also compromised sensitive customer account information and metadata, like billing and email addresses.

5. On March 2023, the hacker’s way to the developer’s account was uncovered.

6. On the employee’s home computer, the hacker loaded malware by exploiting a vulnerability in software called Plex. The employee apparently used the software for personal purposes.

7. The catch? The vulnerability was CVE-2020-574, which was fixed in May 2020, around 75 versions ago! Sadly, the employee never upgraded their software to activate the patch.

8. The malware was a keylogger, which captured all the employee’s keystrokes. Due to the user’s privileges, the attacker was able to steal password vault data.

9. If the employee had updated the software on their home computer, this breach could have been prevented.

As with anything, comfort comes with a cost

BYOD policies allow employees to use their own devices at work, which increases their productivity and satisfaction. In exchange for this comfort, IT teams must deal with security risks, compatibility issues, and management challenges. It is essential to strike a balance between convenience and security. We must learn from such incidents and take action to improve our own BYOD practices. Being forewarned is being forearmed.

We’ve all been guilty of forgetting, missing, or delaying an update at some point in our lives. Some of us just get lucky and don’t get attacked. But who wants to apply updates when there are dog videos to watch?

Asking employees to keep their software updated can be a challenge, one because it’s a time-consuming task and two because many don’t understand the criticality of missing these updates You have to find other ways to ensure devices used for work purposes, and the software on them, are kept up to date. A unified endpoint management (UEM) tool will allow your IT department to control exactly how all data, each application, and every device behaves within your network. It is the sneaky broccoli hidden in mac and cheese.  

In IT security, the best defense is a good offense 

Proactively preventing potential threats is more effective than waiting for an attack to happen and then defending against it. A UEM solution can detect when an employee’s home computer is running an outdated and vulnerable version of software, like Plex. It can automatically push patches at a time convenient for the employee. UEM solutions also provide benefits for BYOD like separating personal and corporate data, and allowing remote wiping of corporate data in an unfortunate event like a lost or stolen device.

UEM can protect your data from such incidents with:

1. Application control: Limiting which applications can be installed and executed on a device can help organizations reduce their vulnerability to malware and other threats. Prevent bad actors from installing the malicious software on your employee’s personal device.

2. Patch management: Detect and apply security patches automatically to all devices, ensuring that all devices are up to date with the latest security patches. Identify and patch vulnerable software without employee intervention.

3. Containerization: Sensitive corporate data can be kept separate from personal apps and data by creating a container or virtual workspace. This protects company data and respects employee privacy by keeping their personal information separate.

4. Threat detection: Detect anomalous device activity in real-time, allowing IT teams to resolve potential security breaches before they cause significant damage.

5. Geofencing: If devices leave the geofence, they are automatically marked as non-compliant and trigger a set of actions, from passive alerts to executing security commands.

6. Conditional access: Implement policies that restrict user access to corporate resources based on their location, device type, or network status.

7. Per-App VPN: Allow only specific apps to access the corporate network through the VPN.

8. Remote wipe: Ensure sensitive data is not compromised if a device is lost, stolen, or compromised by remotely wiping it.

9. Identity and access management (IAM): User identities can be managed, role-based access control (RBAC) can be applied to resources, and multi-factor authentication (MFA) can be enforced to ensure corporate data is secure.

10. Data protection: IT teams can create policies that control how data is accessed, shared, and stored on devices. Encrypt data at rest and in transit; control copy, paste, and print functions; and allow secure file sharing between authorized users.

ManageEngine Endpoint Central is a powerful UEM solution trusted by over 25,000 organizations worldwide. It is available in both on-premises and cloud-based versions.

Try the benefits now!

If you want to see a demo first, you can schedule one here. This one-on-one session will be focused on sharing information, not selling.

Final thoughts

By implementing the below best practices, IT teams can securely take advantage of all the benefits BYOD has to offer:

• Set clear BYOD policies and communicate them regularly.
• Enable two-factor authentication and require strong passwords.
• Encrypt data while in transit and at rest.
• Implement remote wipe capabilities in case of loss or theft.
• Regularly update software and security patches.
• Monitor device usage for any suspicious activity.
• Use containerization to separate corporate data from personal data.
• Always have a backup plan in case of device failure or loss.

The golden rule is “better safe than sorry.” Or, as we like to say, “better secure than sorry.”