It&rsquo;s International Data Privacy Week, so let&rsquo;s talk privacy! With increased focus on data privacy (there are now data protection and privacy laws in effect in 144 countries and eight additional US state privacy laws going into effect in this year), we wanted to highlight the intersectionality between data privacy and our normal focus area, cybersecurity. Data privacy is becoming a more important component in everyone&rsquo;s daily lives &ndash; according to a <a href="https://kpmg.com/us/en/articles/2023/bridging-the-trust-chasm.html">KPMG survey</a>, 86% of consumer respondents indicated that data privacy is a growing concern for them. Additionally, <a href="https://public.tableau.com/app/profile/ratnesh2928/viz/Stayingcyber-securewhileworkingfromhome/Stayingcyber-securewhileworkingfromhome">48% of consumers reportedly</a> stopped using a service over privacy concerns. It is evidence that consumers want to feel safe and know that their data is secure.
With the increasing digitization of everything that we do, regulators have been trying to catch up and set forth regulations to protect individuals&rsquo; privacy. These Data privacy regulations were primarily born of needs to provide individuals with more control over their personal data and, critically, establish requirements to protect that data. Frequently, companies can make improvements that achieve both privacy and security goals. 
We are going to highlight a few topics on which improvement contributes to both greater control over security and compliance with the privacy regulatory landscape.
<h3>1. Take control of your data.&nbsp;</h3>
As we mentioned in our <a href="https://blog.lastpass.com/posts/threat-from-shadow-it"></a><a href="https://blog.lastpass.com/posts/threat-from-shadow-it">Shadow IT</a> article, it is difficult to protect what you don't know is within your network. This concept is also relevant to help meet data privacy obligations. If you don't know what personal data you collect, use, and store, you won't be able to protect the personal data from an intentional or unintentional data breach or determine what obligations apply to that data. For example, organizations that use tracking pixels have suffered legal consequences and lost truth with consumers because they did not understand the breadth of personal data collected using tracking pixels--especially relating to the collection of sensitive health data. Since they failed to understand the data collected, these organizations did not put in place controls that were commiserate with the sensitivity of data that was collected (e.g., obtaining consumer's consent or limiting the sharing of that sensitive data).&nbsp;
Furthermore, understanding the personal data your organization collects is fundamental to maintain compliance with privacy obligations. In many jurisdictions, organizations are required to maintain a formal record of data collected and complete privacy assessments that weigh the personal data collected and use of that data with the privacy rights of an individual.&nbsp;
<h3>2. Share data responsibly, particularly when evaluating vendors and services.&nbsp;</h3>
By utilizing new software, applications, or services to process your data, you expand your attack surface and introduce new ways a threat actor can steal your data. Therefore, you should be confident the vendor is committed to protect your data before utilizing their software or services. From a security and privacy perspective, you should &ndash; at the very least &ndash; evaluate (1) the technical and organizational measures the vendor and their systems have in place to protect personal data and (2) the limitations and commitments they make in using your data.
With the prevalence and potential uses of AI tools and services, it has increasingly become more important to assess how those tools (and vendors) are using data and respecting consumers&rsquo; privacy. It is important to understand if personal data &ndash; especially sensitive personal data &ndash; will be used for training any AI system. There have been concerns that AI tools can be influenced through prompts by a bad actor to leak personal data, and before implementing an AI tool or service, you may want to better understand what controls are in place to prevent inadvertent data leakage. The answers to these questions would be illuminating to understand if the AI system and vendors are going to protect and respect the data that you share with them. 
<h3>3.&nbsp;Implement privacy and security by design.</h3>
Instead of reacting to privacy and security issues, organizations can adopt a more prospective approach to protecting personal data through a concept called &ldquo;privacy by design&rdquo;. A well-known concept in the privacy space, organizations can take the following approach into consideration when reviewing their security program as well:
<ul>
 <li>Take a proactive, preventative approach to anticipate privacy risks and address them;</li>
 <li>Implement privacy as a default setting within your services and processes &ndash; limit collection and storage unless a consumer opts-in to sharing more;</li>
 <li>Embed privacy as an essential aspect of technologies and business operations &ndash; start the design process considering data privacy;</li>
 <li>Ensure full functionality of services and processes &ndash; no need to make trade-offs to achieve privacy and security goals;</li>
 <li>Secure data when processed by your organization or its vendors through the entire lifecycle;</li>
 <li>Be transparent with clear and accurate information regarding data collection; and</li>
 <li>Respect the interests of the individual by keeping the services and processes consumer-centric.</li>
</ul>
<h3>4. Respect consumers.&nbsp;</h3>
Privacy is synonymous with trust, as it shows customers that you know the importance of appropriately handling and safeguarding their data and that you are committed to respecting their rights. Consumers expect a seamless, customized experience when using a service, purchasing a product, or interacting with a website. All-the-while businesses are collecting troves of data to provide their services and develop new and innovative products. Each business must harmonize their interest in developing and delivering their services with the rights and interests of the consumer. 
Challenge the decisions you make by asking if there is a way to achieve the goal without impacting to the consumer. Take stock in how you collect, use, and store personal data and be transparent to consumers about your practices. Evaluate if any of your practices would undermine the trust and loyalty of your consumers. Lastly, treat privacy and security as an enabler not a hinderance. Use it as a way to demonstrate to consumers that you value their business and as people.
&nbsp;

Empowering Privacy: How to Manage, Share, and Secure Your Data

For Privacy Awareness Week, we are highlighting the intersectionality between data privacy and cybersecurity. We'll cover a few areas that contribute to both greater control over security and compliance with the privacy regulatory landscape.

It has recently come to our attention that recent posts from our customers on the LastPass X social media account are eliciting a large influx of suspected bot replies. In one observed instance, several suspected bots replied in rapid succession to a user posting a comment on our X profile. Generally, the suspected bots claimed they received no response from the support center and directed the legitimate user to reach out to a third-party individual to resolve their issue. Typically, the purpose of this activity is to get customers to engage with specific, non-affiliated accounts, which puts customers at potential risk of potentially sharing sensitive information with a third-party. We are raising awareness of this inauthentic behavior to notify our customers who currently use X. 
If you need customer support, please go directly to our website, https://www.lastpass.com. As always, please take the appropriate precautions, and if you have any questions if a social media account, email, or phone number is legitimate, please submit it to abuse@lastpass.com.

&nbsp;<img src="https://www.lastpass.com/-/media/7dbbab93de8947b0b7ad11f1d1e6a36a.png" >
Example of bot messages replying to a user over X.

Bot activity targeting users engaging with LastPass on X platform

Recent posts from our customers on the LastPass X social media account are eliciting a large influx of suspected bot replies. Flagging for general awareness.

<span style="background-color: #ff[..]

SMS Is Insecure. Now What?

When it comes to cybersecurity, the concept of the perimeter is critical&mdash;it encompasses everything that needs to be protected. Given how easy it is for threat actors to pivot from an entry point via a low-level employee to get into systems and gain access to high-value targets, entities must ensure their entire organization is covered. It&rsquo;s not enough to secure just a few individuals or devices; the entire network and all its users must be safeguarded. 
Think of it like a panic room designed to protect your family during a break-in. Imagine your organization is the house, with the panic room representing your critical systems and data. Every door, window, and wall in the house symbolizes your network and employees&mdash;each one a potential entry point for intruders. To truly protect what matters, the entire house must be secure: doors locked, windows reinforced, and alarm systems active. Ideally, you&rsquo;d like to prevent anyone from ever getting into your house to begin with (that&rsquo;s why it&rsquo;s called a Panic Room). Similarly, in cybersecurity, it&rsquo;s not enough to protect just the "panic room" of high-value systems. Every user, device, and access point across the organization must be safeguarded because attackers will always look for the easiest way in. And once inside, even the best panic room may not be enough to keep you safe.
This is why relying on a password manager like LastPass for only a subset of users creates gaps that malicious actors can exploit. Cyber threats don&rsquo;t discriminate between protected and unprotected endpoints&mdash;they target the weakest link in the chain. Therefore, the perimeter must extend as far out as possible, covering every individual, device, and access point. Comprehensive protection ensures that vulnerabilities aren&rsquo;t left exposed, reducing the risk of breaches that can compromise the entire system.
Lateral movement is a common tactic used by cyber threat actors, used in&nbsp;around <a href="https://www.techtarget.com/searchsecurity/news/252523561/VMware-The-threat-of-lateral-movement-is-growing">25%&nbsp;of all cyberattacks</a>.&nbsp;The term &ldquo;lateral movement&rdquo; doesn't mean hackers always move sideways through a network though&mdash;their actions can be more of a lattice moving up and down, rather than just across. Lateral movement can be exacerbated by overprivileged accounts. Overprivileged accounts have more permissions or access rights than they need to perform their intended tasks, which can increase security risks and vulnerabilities. Considering the increasing attack surface with Software-as-a-Service (SaaS) applications and shadow IT, overprivileged accounts can allow access to internal systems and sensitive data and pose several cyber threats. 
The speed of cyberattacks is also increasing, in part due to increased automation. It now takes threat actors on average 62 minutes to move laterally from initial access to other devices or systems on the same network according to the <a href="https://www.securitymagazine.com/articles/100423-report-average-breakout-time-for-intrusive-activity-is-62-minutes#:~:text=A%20report%20by%20CrowdStrike%20revealed,be%20vigilant%20against%20evolving%20threats.#:~:text=A%20report%20by%20CrowdStrike%20revealed,be%20vigilant%20against%20evolving%20threats.">2024 CrowdStrike Global Threat Report</a>. These compounding threats raise the stakes for entities to set their security perimeter as far out as they can to make it harder for threat actors to gain access to their systems. 
<h3>What is Lateral Movement? </h3>
Lateral movement is the traversal of a larger network via privilege escalation, vulnerability exploits, and other methods, from an initial access point. Hackers use this technique to expand their reach within a company's network and stay hidden.&nbsp;Threat actors pivot from their initial entry point, such as a compromised account on a corporate laptop, to the rest of a network, gaining access to sensitive systems or data and achieving their ultimate objectives, whether its data theft, network disruption, or deeper compromise. 
Threat actors first compromise a legitimate corporate account using stolen credentials; social engineering; malware delivered via phishing emails, exploit kits, drive-by download attacks; or other techniques. Once the account has been compromised, attackers can conduct reconnaissance to determine where they are in the network via the compromised account and its existing privileges and connections. To move through a network, the attacker may require login credentials. These can be legitimate user credentials, stolen administrative privileges, and/or other tactics to escalate their privileges and propagate through a network. Credential dumping&mdash;stealing login information from software or the operating system&mdash;can be accomplished using tools like keyloggers or Windows Credential Editor. Other common techniques for obtaining credentials include social engineering, brute-force attacks, pass-the-ticket, pass-the-hash, or simply buying already-stolen passwords from a dark web marketplace.
<h3>Major Case Studies</h3>
A breach doesn&rsquo;t have to start from an account with elevated privileges&mdash; it can come from anywhere. For instance, the DarkSide ransomware gang breached US pipeline operator Colonial Pipeline in 2021 by using compromised VPN credentials for an employee login that was believed to be inactive that reportedly used the same password on another compromised site. After gaining access, the threat actors used their access privileges to move laterally across the network's infrastructure and stole approximately 100 gigabytes of data in two hours. The ransomware incident impacted the company's IT network and forced the company to shut down pipeline operations, as well as various IT components. Colonial Pipeline paid the ransomware operators 75 Bitcoins (approximately $4.4 million USD) to restore its data and operations.&nbsp;The MITRE Corporation, a non-profit overseeing federally funded research, was breached by Chinese nation-state hackers in January this year through two zero-day vulnerabilities in products from IT vendor Ivanti. The hackers used the Ivanti vulnerabilities to move laterally by taking over a compromised administrator account and used a <a href="https://therecord.media/mitre-breached-ivanti-zero-days">&ldquo;combination of sophisticated backdoors and webshells to maintain persistence and harvest credentials.&rdquo;</a> 
<h3>SMBs Face Risks Too</h3>
If this can happen at a large company, it can happen at any sized company too. One-third of SMBs were hit by a cyberattack in the past year, Microsoft Security recently said in a&nbsp;<a href="https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SMBCybersecurity-Report-Final.pdf">report conducted by research firm Bredin</a>. The greatest cybersecurity challenge facing organizations of all sizes is data protection. Although small businesses typically have smaller amounts of data, this information is of high value to cybercriminals.&nbsp;Small and medium-sized companies (SMBs) can be an attractive target for ransomware and other cyberattacks because of the perception their security isn&rsquo;t as robust as larger organizations with bigger security budgets. For instance, according to <a href="https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-cosmicbeetle-group-joins-forces-with-other-ransomware-gangs-targets-businesses-in-europe-and-asia-1/">reporting</a> in September, cybercriminal group "CosmicBeetle" exploited various older vulnerabilities in technologies typically used by small businesses in Turkey, as well as Spain, India, and South Africa to install its custom SCRansom malware. Vulnerabilities included issues in Veeam Backup &amp; Replication (CVE-2023-27532), which can allow unauthenticated attackers to access the backup infrastructure, or two privilege escalation vulnerabilities in Microsoft Active Directory (CVE-2021-42278 and CVE-2021-42287), which together allow a user to&nbsp;<a rel="noopener noreferrer" href="https://www.fortinet.com/blog/threat-research/cve-2021-42278-cve-2021-42287-from-user-to-domain-admin-60-seconds" target="_blank">"effectively become a domain admin."</a> Researchers suspected the hackers opportunistically attacked these small businesses because these older, known vulnerabilities to be patched in larger companies with better patch management in place. 
According to <a href="https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report/">Sophos' 2024 Threat Report</a>, over 90% of customer-reported attacks involved some form of data or credential theft. These attacks ranged from ransomware and data extortion to unauthorized remote access and direct data theft. Stolen credentials, including browser cookies, are commonly used in business email compromise schemes, to access third-party services like cloud-based finance systems, or to infiltrate internal resources for fraud or financial gain. Additionally, these credentials are often sold by "access brokers" on underground forums, with some listings specifically advertising access to the networks of small and medium businesses.
Lateral movement in a smaller network is, by definition, easier to do. Small and mid-size businesses may not have adequate network segmentation, and accounts are also frequently overprivileged, which makes it easier to move laterally within the network. SMBs&rsquo; connections to other companies can be valuable to threat actors and may be seen as an entry point to critical infrastructure or larger entities. Cybercriminals increasingly focus on supply chain attacks, where they target smaller, less-secure vendors to gain access to larger enterprises.
<h3>Indiscriminate Targeting</h3>
Widespread campaigns that are opportunistic, scanning for vulnerable companies to get their foot in the door, can pose a threat to a wide range of targets. Financially motivated cyber threat group Storm-1811 <a href="https://www.bleepingcomputer.com/news/security/windows-quick-assist-abused-in-black-basta-ransomware-attacks/">abused the Windows Quick Assist feature</a> in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks starting in mid-April this year. First the hackers email bombed the target after subscribing their addresses to various email subscription services, then they called and impersonated a Microsoft technical support or company's IT or help desk staff to help remediate the spam issues. During this voice phishing attack, the attackers tricked the victims into granting them access to their Windows devices by launching the Quick Assist built-in remote control and screen-sharing tool. After installing malicious tools and concluding the phone call, Storm-1811 performed domain enumeration, moved laterally through the victim's network, and deployed Black Basta ransomware. In another attack, cybercriminal group CRYSTALRAY broadened its targeting scope ten-fold to steal credentials and deploy crypto miners with new tactics and exploits earlier this year using the&nbsp;<a rel="noopener noreferrer" href="https://github.com/MegaManSec/SSH-Snake" target="_blank">SSH-Snake</a>&nbsp;open-source worm to <a href="https://www.bleepingcomputer.com/news/security/crystalray-hacker-expands-to-1-500-breached-systems-using-ssh-snake-tool/">spread laterally</a> on breached networks. 
The frequency and effectiveness of lateral movement by threat actors underscores the importance of stopping a threat actor before they can ever get in the door. Social engineering awareness training, prompt vulnerability patching, and password management can help protect you by locking your doors and windows without relying on your panic room!

Lateral Movement: The Hidden Pathway to Data Breaches

Given how easy it is for threat actors to pivot from an entry point via a low-level employee to get into systems and gain access to high-value targets, entities must ensure their entire organization is covered. It’s not enough to secure just a few individuals or devices; the entire network and all its users must be safeguarded.

LastPass would like to make our customers aware of a new SMS-based phishing (smishing) campaign targeting our customers. These texts are being sent from the phone number 833-479-4892 and include text stating the following: &ldquo;[LastPass] We just blocked an unrecognized device from logging in. If it was not you, please secure your account immediately (sso-lastpass.com/reset)&rdquo;. If you click on the link in the text, you will be directed to a phishing page that appears to be designed to collect your credentials, including your master password. An example of the phishing site can be found below:
<img src="https://www.lastpass.com/-/media/bc0e785e2f29440c8230d87e908051c6.png?h=1014&amp;w=1352" >
<p class="Paragraph SCXW239959756 BCX0" paraid="2087186289" paraeid="{e4453101-41a7-42b0-9401-a1258a5a741c}{212}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">We are currently working to get the phishing site taken down and wanted to notify our customers as soon as possible. Please remember that no one at LastPass will ever ask for your master password. If you need customer support, including to reset your master password, please go directly to our website, <a class="Hyperlink HyperlinkGateOff SCXW239959756 BCX0" href="https://www.lastpass.com/" target="_blank" rel="noopener noreferrer" style="color: inherit; margin: 0px; padding: 0px;">https://www.lastpass.com</a>.&nbsp; As always, please take the appropriate precautions, and if you have any questions if an email or phone number is legitimate, please submit it to abuse@lastpass.com.
<p class="Paragraph SCXW239959756 BCX0" paraid="936869946" paraeid="{e4453101-41a7-42b0-9401-a1258a5a741c}{251}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">Phishing Site Information:&nbsp;
<p class="Paragraph SCXW239959756 BCX0" paraid="820676035" paraeid="{2a19a905-f8e0-438a-822a-4c05db3c59cb}{2}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">URL: sso-lastpass[.]com
<p class="Paragraph SCXW239959756 BCX0" paraid="1995470908" paraeid="{2a19a905-f8e0-438a-822a-4c05db3c59cb}{12}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">IP: 2606:4700:3034::ac43:d14f
<p class="Paragraph SCXW239959756 BCX0" paraid="2012337447" paraeid="{2a19a905-f8e0-438a-822a-4c05db3c59cb}{22}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">SMS Sending Phone Number:&nbsp;
<p class="Paragraph SCXW239959756 BCX0" paraid="1752418443" paraeid="{2a19a905-f8e0-438a-822a-4c05db3c59cb}{28}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">833-479-4892

New Smishing Campaign Targeting LastPass Customers 

LastPass would like to make our customers aware of a new SMS-based phishing (smishing) campaign targeting our customers.

New Smishing Campaign Targeting LastPass Customers

Cybercriminals view U.S. presidential elections as a prime opportunity for notoriety and profit, using tactics like ransomware attacks, website take-downs, and software vulnerabilities. Security experts say these threats&mdash;already seen in the current election cycle&mdash;will likely persist beyond Election Day on November 5. According to Mike Kosak, a senior analyst at LastPass, the election&rsquo;s high profile makes it akin to a &ldquo;Super Bowl&rdquo; for cybercriminals, allowing them to gain instant recognition and sell stolen data to the highest bidder on the dark web.
The appeal of hacking for fame isn&rsquo;t new, and some hackers are motivated by more than money. While nation-state hackers generally focus on espionage, cybercriminals are often driven by a blend of financial gain, ideology, and status. Their goal is not to alter votes&mdash;voting machines aren&rsquo;t connected to the internet, and paper ballots offer a safeguard&mdash;but to disrupt election processes and erode confidence in their security.
Ransomware remains the top threat, with financially motivated hackers targeting local election offices, which often lack advanced cybersecurity defenses. Unlike distributed denial-of-service (DDoS) attacks, ransomware holds critical systems hostage, sometimes forcing election officials to pay to restore services. Recent advances in generative AI also enable hackers to craft sophisticated phishing schemes, making ransomware attacks more effective.
The threat landscape is further complicated by potential ties between cybercriminals and foreign adversaries, as seen with suspected Russian cybercriminal links to Russian intelligence. Some hacker groups operate with impunity in countries that provide &ldquo;safe havens,&rdquo; making international law enforcement efforts challenging. As Election Day nears, experts brace for this &ldquo;perfect storm&rdquo; of motivations and tactics, focusing on robust safeguards to secure election integrity despite ongoing cyber threats.
Read more of our commentary here: <a href="https://www.wsj.com/articles/the-presidential-election-could-be-a-super-bowl-for-hackers-f8cfd0b2">https://www.wsj.com/articles/the-presidential-election-could-be-a-super-bowl-for-hackers-f8cfd0b2</a>.

Cybersecurity Threats Surrounding the U.S. Presidential Election: A Perfect Storm of Cybercriminal Activity 

Cybercriminals view U.S. presidential elections as a prime opportunity for notoriety and profit, using tactics like ransomware attacks, website take-downs, and software vulnerabilities. Security experts say these threats—already seen in the current election cycle—will likely persist beyond Election Day on November 5. According to Mike Kosak, a senior analyst at LastPass, the election’s high profile makes it akin to a “Super Bowl” for cybercriminals, allowing them to gain instant recognition and sell stolen data to the highest bidder on the dark web.

Cybersecurity Threats Surrounding the U.S. Presidential Election: A Perfect Storm of Cybercriminal Activity

<p class="Paragraph SCXW109743744 BCX0" paraid="1859117548" paraeid="{eceac9af-630c-431b-a532-607b3113a8e7}{180}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">6 November 2024 UPDATE: LastPass would like to provide on update on this activity to our customers as the threat actors are taking a new approach, now using emojis to post the fake customer service number in the Chrome Web Store app page. They have also changed the phone number, though the website the fraudsters direct you to has not changed. Please see below for an example:&nbsp;
<p class="Paragraph SCXW109743744 BCX0" paraid="1859117548" paraeid="{eceac9af-630c-431b-a532-607b3113a8e7}{180}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;"><img src="https://www.lastpass.com//-/media/62c97b2cc39143cb81744baa4b1964e3.png?h=361&amp;w=708" style="height:361px; width:709px;" alt="LastPass-fake-google-review-png" />
<p class="Paragraph SCXW109743744 BCX0" paraid="788363707" paraeid="{eceac9af-630c-431b-a532-607b3113a8e7}{209}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">Again, please remember that no one at LastPass will ever ask for your master password. If you need customer support, please go directly to our website, <a class="Hyperlink HyperlinkGateOff SCXW109743744 BCX0" href="https://www.lastpass.com/" target="_blank" rel="noopener noreferrer" style="color: inherit; margin: 0px; padding: 0px;">https://www.lastpass.com</a>. As always, please take the appropriate precautions, and if you have any questions if an email or phone number is legitimate, please submit it to abuse@lastpass.com.
Originally published 31 October 2024: LastPass would like to make our customers aware of a current social engineering campaign leveraging fake reviews on our Chrome Web Store app page. A threat actor appears to be submitting reviews where they direct customers to a fake number controlled by the threat actor. Examples of these Google Chrome Web Store app page posts and the phone number can be found below.&nbsp;
<img src="https://www.lastpass.com//-/media/c2681def165c487eb57ce7191c536c53.png" style="height:614px; width:732px;" alt="Screenshot20241030at51154PMpng" />
<p class="Paragraph SCXW70979457 BCX0" paraid="41044682" paraeid="{a9bec1e9-248e-4070-9a68-a42c7e64e224}{180}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">Individuals calling this fake support number will be greeted by an individual asking what product they are having issues with and then a series of questions regarding whether they are attempting to access LastPass via a computer or a mobile device and what operating system they are using. They will then be directed to the site dghelp[.]top while the threat actor remains on the line and attempts to get the potential victim to engage with the site, exposing their data.&nbsp;
<p class="Paragraph SCXW70979457 BCX0" paraid="544462615" paraeid="{a9bec1e9-248e-4070-9a68-a42c7e64e224}{192}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">We are working to disrupt this campaign by having the reviews removed and getting the phishing website taken down. At this time, we are only aware of these types of fake posts on the Google Chrome Web Store app page. Please be aware these reviews are fake and while the usernames associated with the reviews may change, the text has been consistent for every review to date.&nbsp;
<p class="Paragraph SCXW70979457 BCX0" paraid="1707591198" paraeid="{15abfb49-15ca-41d1-8549-88ca292e6aa8}{165}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-bottom: 10.6667px; margin-left: 0px; padding: 0px;">Please remember that no one at LastPass will ever ask for your master password. If you need customer support, please go directly to our website, <a class="Hyperlink SCXW70979457 BCX0" href="https://www.lastpass.com/" target="_blank" rel="noopener noreferrer" style="color: inherit; margin: 0px; padding: 0px;">https://www.lastpass.com</a>.&nbsp; As always, please take the appropriate precautions, and if you have any questions if an email or phone number is legitimate, please submit it to abuse@lastpass.com.

Fake Web Store Reviews Attempting to Steal Customer Data

LastPass would like to make our customers aware of a current social engineering campaign leveraging fake reviews on our Chrome Web Store app page. A threat actor appears to be submitting reviews where they direct customers to a fake number controlled by the threat actor. 

While consumers focus on scoring holiday deals ahead of Black Friday and Cyber Monday, cybercriminals have their sights set on an even bigger prize: your credentials. While a wide range of retailers offer discounts on products for the major online shopping event over the holiday season, it will also attract cybercriminals who exploit the increased activity to launch attacks through email, text, and phone scams&mdash;particularly targeting user credentials. Cybercriminals frequently target this shopping period to enable fraud and conduct other malicious attacks. We expect to see an uptick in similar cyber threat activity over the next several weeks.
The following are key cyber threats related to passwords during Black Friday and how they can compromise your account security.
<ul>
 <li>Phishing&nbsp;is one of the most common tactics used to steal passwords. Cybercriminals craft fake emails, SMS messages, or social media posts that appear to come from retailers offering exclusive deals, gift cards, or urgent account notifications. They also spoof delivery services like UPS since a lot of shipments for online orders occur during this period. Victims are then directed to fake login pages that mimic the real site. When they enter their credentials, the attackers capture the username and password. Once attackers gain access to an account, they may use the same credentials to target other accounts the user owns, especially if passwords are reused across multiple services.</li>
 <li>Credential stuffing&nbsp;is another common attack method during high-traffic shopping events like Black Friday. This occurs when attackers use previously stolen username-password pairs (often from unrelated data breaches) to attempt logins on various sites. Attackers use automated tools to try large volumes of login credentials. If users reuse passwords across different services, attackers can potentially gain access to their accounts. If successful, attackers can hijack accounts, place fraudulent orders, or change shipping and payment details.</li>
 <li>Cybercriminals may create&nbsp;fake apps or websites&nbsp;to trick users into providing their login credentials. Users may download a malicious app or visit a fraudulent website that appears to offer special deals or early access to Black Friday sales. These apps or sites prompt users to log in with their credentials, which are then stolen by the attacker. Beyond just stealing credentials, these malicious apps can also install malware that steals additional information, including other stored passwords on the device.</li>
 <li>During large-scale shopping events, attackers may distribute&nbsp;malware, such as infostealers, that target stored passwords. Infostealers are malware designed to steal credentials stored in browsers or password managers. During Black Friday, attackers may target users with malware disguised as legitimate tools or deal notifications, infecting their systems and harvesting stored credentials. If infostealers gain access to a user's device, they can compromise multiple accounts, including banking, email, and social media.</li>
</ul>
<h2>New Threat Vectors Pose Unique Threats</h2>
While most of this activity isn&rsquo;t new, we expect to see some new threat vectors emerge.
<ul>
 <li>With artificial intelligence (AI) tools like large language models now more readily accessible, cybercriminals can create more convincing phishing/smishing messages and social engineering campaigns at scale. Threat actors can rely on these tools to craft well-worded, grammatically accurate messages to add legitimacy to their campaigns. Widely available AI tools also allow more low-skilled threat actors to set up and run mass phishing campaigns. Since ChatGPT launched in November 2022, there has been over a 4,000% surge in malicious phishing messages, according to SlashNext&rsquo;s&nbsp;<a href="https://www.infosecurity-magazine.com/news/341-rise-advanced-phishing-attacks/">The State of Phishing 2024 report</a>.</li>
 <li>QR codes have become more common as they&rsquo;re convenient for contactless transactions and information sharing, but they have also become a target for cybercriminals. Quishing, or QR code phishing, has increased significantly in recent years. In 2021, QR codes were used in only 0.8% of phishing attacks; by the first half of 2024, that number increased to&nbsp;<a href="https://www.egress.com/newsroom/new-egress-report-reveals-millennials-are-the-key-target-as-ai-quishing-and-multi-channel-attacks-top-phishing-trends">nearly 11%</a>.&nbsp;QR codes are a popular marketing tool that can be used in online retail in many ways, such as driving traffic to a store&rsquo;s page, making payments, or providing customer support. This leaves the door open for cybercriminals to use malicious QR codes for attacks to redirect users to fake websites or login portals that request personal information or other sensitive details, download malicious files to a user&rsquo;s device without their knowledge, redirect payments to threat actors&rsquo; bank accounts, or in social engineering attacks to bypass security measures like moving the attack from a protected email environment to a mobile device.</li>
 <li>The explosion in digital retail has transformed how we shop and interact with brands. Social commerce&nbsp;made up about 5% of US e-commerce sales in 2022&nbsp;and is expected to increase to nearly 7% by 2025, according to&nbsp;<a href="https://www.mintel.com/press-centre/nearly-half-of-us-consumers-say-they-have-made-a-purchase-through-social-media/#:~:text=Social%20commerce%20made%20up%20about,2025%2C%20according%20to%20Mintel%20research.#:~:text=Social%20commerce%20made%20up%20about,2025%2C%20according%20to%20Mintel%20research.">Mintel research</a>. Meanwhile, cybercriminals have developed sophisticated techniques to exploit social media platforms, using them as potential attack vectors. Social media users interacting with supposed trusted brands to shop online may have a false sense of security. Beware of fake accounts impersonating brands or promoting supposed products and links.</li>
</ul>
<h2>Keep Your Passwords Safe</h2>
During Black Friday, heightened online commerce activity creates a prime opportunity for cybercriminals to launch password-related attacks. Consumers must remain vigilant, avoid common pitfalls like reusing passwords, and employ strong security practices such as MFA and password management tools. Taking proactive steps to secure accounts is the best way to defend against these prevalent threats. To stay cyber safe this holiday season, consider the following countermeasures:
<ul>
 <li>Always check the URL before clicking on a link or entering your login credentials. If a message over email or text seems suspicious, block the sender and delete it.</li>
 <li>Enable multi-factor authentication (MFA) for your accounts to add an extra layer of security. That will prevent anyone with access to your credentials from simply logging in.</li>
 <li>Avoid password reuse by using unique passwords for each account. A password manager can help generate and store complex, distinct passwords for different services.</li>
 <li>Only download official apps from legitimate stores like Google Play or the Apple App Store.</li>
 <li>Use antivirus software to scan for malware and avoid downloading software from untrusted sources. Consider using a password manager that encrypts credentials.</li>
</ul>

Black Friday Deals Come with Cyber Risks: Keep Your Passwords Safe

During Black Friday, heightened online commerce activity creates a prime opportunity for cybercriminals to launch password-related attacks. Consumers must remain vigilant, avoid common pitfalls like reusing passwords, and employ strong security practices such as MFA and password management tools. Taking proactive steps to secure your accounts is the best way to defend against these prevalent threats. 

<div class="OutlineElement Ltr SCXW160799445 BCX0" style="color: #000000; background-color: #ffffff; margin: 0px; padding: 0px;">
It&rsquo;s Cybersecurity Awareness Month! October is that special time of year that combines scary spiders with Scattered Spider and serves as an excellent reminder to take time to assess and improve the cybersecurity posture of your organization. LastPass will be providing a series of content to highlight threats and best practices over the course of the month, including webinars and other LastPass Labs blog posts, which starts with the threat posed by shadow IT within your organization.&nbsp;&nbsp;
<h2 class="p1" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 10.7px;">What is Shadow IT?&nbsp;&nbsp;</h2>
Shadow IT is any software, service, device, or hardware used by employees without the knowledge or approval of IT teams. Software-as-a-service (SaaS) solutions are a popular example: staff frustrated with existing collaboration or connectivity tools may seek out free online alternatives that help streamline their workflow. In some cases, they don't consider the impact of outside applications on internal networks or data protection practices and simply forget to inform IT. In other instances, employees purposefully avoid informing IT so they can keep using the application of their choice. According to <a rel="noopener noreferrer" href="https://www.csoonline.com/article/575457/shadow-it-is-increasing-and-so-are-the-associated-security-risks.html" target="_blank">recent survey data</a>, 57% of small and midsize businesses (SMBs) have discovered shadow IT deployments on their network; 76% of SMBs said these deployments posed "moderate to severe" cybersecurity threats. &nbsp;
Of note, the use of shadow IT is rarely driven by malice. Rather, it is most often associated with employees seeking to work more efficiently, leading them to adopt or leverage technologies not approved by their company&rsquo;s IT department, and not realizing the risk they are creating for their company.&nbsp;&nbsp;
<h2 class="p1" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 10.7px;">What Threats Does Shadow IT Pose?&nbsp;&nbsp;</h2>
While shadow IT is frequently associated with well-intentioned efforts to improve efficiency, the use of these technologies introduces vulnerabilities across several fronts. Let&rsquo;s take a look at a few of the most serious threats associated with the use of unapproved IT:&nbsp;&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Lack of Visibility: Perhaps the most obvious issue with shadow IT is that you can&rsquo;t protect what you don&rsquo;t know you have within your network. Applications and other shadow IT leveraged by employees create pockets of unprotected infrastructure that IT departments can&rsquo;t monitor and defend. Further, shadow IT may have unpatched and/or unknown vulnerabilities the employee may not be monitoring for and remediating. This fundamentally creates a potentially disastrous combination of a supply chain/third-party risk and an exposed vulnerability. It&rsquo;s like having a back door into your network that&rsquo;s not locked.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Expanded Attack Surface: Implicit with the lack of visibility in the use of shadow IT is the inherent expansion of an organization&rsquo;s attack surface. Every application, software, or device introduced into your company&rsquo;s network presents another way an attacker could steal data or otherwise degrade or disrupt operations. Combine this with the above-mentioned lack of visibility by your IT department and this expanded attack surface can lead to a potential cyber attack your organization can&rsquo;t see coming.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Data Loss: Many instances of shadow IT involves the use of personal emails to transfer data or conduct business conversations. Other instances include the use of open-source tools in support of development operations or other more technical functions. Irrespective of its function, shadow IT tools may result in the storage of sensitive company data or customer personal information outside company infrastructure, which presents an increased risk of data theft, data loss, or other unintended exposures.&nbsp;&nbsp;</li>
</ul>
<h2 class="p1" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 10.7px;">What Can Be Done?&nbsp;&nbsp;&nbsp;</h2>
While shadow IT may offer some tempting benefits, particularly around the increase in efficiencies, the risks inadvertently introduced into your organization&rsquo;s network can outweigh the benefits. Strong IT policies the prevent the download and use of non-approved technologies are critical, as is network monitoring for the use of shadow IT. This monitoring can be done via logs, endpoint agents, or even the use of password managers that can provide insight into unexpected or unauthorized accounts. An open-door IT culture allows for frank discussions between users and the IT department regarding the potential need for external applications or other tools, which allows for a team-driven approach for technology adoption that allows for the institution of appropriate and necessary security and monitoring measures. Combining the best intentions that often drive shadow IT adoption with the security and monitoring protections your IT and Security departments provide through open discussions and partnership allows you to continue to innovate and improve efficiency while still staying safe!&nbsp;
</div>

The Threat from Shadow IT

While shadow IT is frequently associated with well-intentioned efforts to improve efficiency, the use of these technologies introduces vulnerabilities across several fronts. 

As kids head back to school, parents and teachers have been focused on school supplies, while cybercriminals have their eyes on the prize: targeting educational institutions for financial gain. The last two years have seen a marked increase in cyberattacks on schools and educational entities, primarily driven by&nbsp;ransomware&nbsp;threats and the sensitive data these institutions hold, necessitating enhanced security measures to mitigate risks. 
Increasing ransomware attacks, expanded geographic targeting, and more sophisticated tactics indicate the threat to the education sector continues to grow. Ransomware attacks against K-12 schools and higher education institutions surged by 105% last year, with the total number of such incidents rising from 129 in 2022 to 265 in 2023. Higher education institutions specifically saw a <a href="https://www.threatdown.com/blog/2024-state-of-ransomware-in-education-92-spike-in-k-12-attacks/">70% increase in attacks</a>, from 68 incidents in 2022 to 116 in 2023. These figures only account for reported incidents where ransoms were not paid, suggesting that the actual number of attacks may be even higher. This highlights the vulnerability of educational institutions due to the sensitive personally identifiable information (PII) they manage. Notably, ransomware attacks on education <a href="https://www.threatdown.com/blog/2024-state-of-ransomware-in-education-92-spike-in-k-12-attacks/">spiked during the summer months</a> last year prior to schools reopening for autumn.
&nbsp;<img src="https://www.lastpass.com/-/media/0d503a9c39d8495fa2b9da298dda77d3.png?h=458.848&amp;w=720.551" >
Notable ransomware groups have significantly contributed to this increase. Five ransomware gangs were <a href="https://www.threatdown.com/blog/2024-state-of-ransomware-in-education-92-spike-in-k-12-attacks/">credited</a> with 81% of 2023&rsquo;s education ransomware attacks, including LockBit (60), Vice Society/Rhysida (44), CL0P (22), Medusa (17), and Akira (15). While most attacks were concentrated in the US, other countries like the UK, Australia, Germany, France, and Brazil were also affected. This broader scope indicates a growing global threat to educational institutions. Ransomware groups have also developed increasingly sophisticated tactics. Phishing attacks are a common method for gaining initial access, with groups like Rhysida using tools like Cobalt Strike to <a href="https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-rhysida#:~:text=Motivated%20by%20financial%20gain%2C%20Rhysida's,lateral%20movement%20in%20infected%20machines">move laterally</a> within compromised systems. 
Recent instances indicate that attacks have continued to affect educational institutions this year. According to Abnormal security <a href="https://abnormalsecurity.com/blog/education-sector-august-2024-cyberattacks">researchers</a>, over 650,000 records from multiple educational institutions were compromised across multiple educational institutions in the last two months alone, with email addresses being the common targets in all breaches. This pattern points to a rise in targeted cyberattacks as schools prepare for the 2024 academic year. 
These cyberattacks have caused substantial disruptions in educational operations, affecting the delivery of services and the safety of student information. The sensitive nature of the data held by educational institutions makes them attractive targets for cybercriminals. Experts stress the critical need for robust cybersecurity awareness and defenses in educational institutions to defend against ongoing attacks, as the education sector remains a prime target.

Back-to-School Season Heightens Cybersecurity Threats to Education Sector

Cyberattacks on educational institutions, particularly ransomware attacks, have surged over the past year. Schools and universities are increasingly targeted due to the sensitive data they hold, with K-12 and higher education institutions seeing a significant rise in attacks. This trend underscores the urgent need for enhanced security measures to protect against growing cyber threats.

LastPass to Showcase Threat Intelligence Expertise at BlackHat USA 2024

LastPass' Threat Intelligence, Mitigations, and Escalations (TIME) team previews the BlackHat topics they are looking forward to. Highlights include artificial intelligence, spotlight on election security, and meeting with customers to talk about dark web credential monitoring. 

The 2024 Olympic Games, set to be held in Paris between July and August, are not only a stage for athletic excellence but also a prime target for cyberattacks. With the growing intersection of technology and international events, the threat landscape has expanded, bringing increased attention to cybersecurity around the world&rsquo;s largest sporting event. Both nation-state actors and cybercriminals are sure to be gearing up to exploit the event and will likely target the Olympics themselves. There has already been an increase in influence campaigns ahead of the games&mdash;primarily conducted by Russia&mdash;but we expect to see other activity, including espionage, ransomware, and, with less likelihood, disruptive operations. Olympics-related cyber threats could impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes/spectators traveling to the event. These attempts will likely intensify as the Opening Ceremony approaches.
In our increasingly interconnected cyber world, it is important to think how you are connected to the broader ecosystems that are under threat during this timeframe and make sure you are comfortable with your current security posture. Confirm your attack surface is as secure as possible, even if you aren't typically facing nation-state threats on a regular basis.
Nation-States Are Out for Themselves and Revenge
The Olympic Games are a time of competitive rivalries between countries. It is therefore fitting that it is also an opportune backdrop to conduct geopolitically motivated maneuvers in the context of this global event. We&rsquo;ve seen this play out before. Russian hackers targeted the 2018 Winter Olympics in Pyeongchang with destructive Olympic Destroyer malware during the opening ceremony and managed to take some of the Games&rsquo; internal servers offline. They sought to disrupt the event and retaliate against the International Olympic Committee (IOC) for banning Russian athletes over its doping scandals. 
The Olympics present an attractive target for nation-state actors due to several reasons&mdash;primarily political influence and espionage. Countries may attempt to use cyberattacks to promote their political agendas, discredit adversaries, or create propaganda opportunities. By disrupting the Olympics or leaking sensitive information, they can cause embarrassment to host nations or competitors. For instance, Russian hackers penetrated the World Anti-Doping Agency in 2016 and leaked private medical information about American athletes Serena Williams, Venus Williams, and Simone Biles. Given the number of government officials and key decision makers attending, cyber espionage groups could likely target the 2024 Olympics for information gathering purposes to support their respective national interests. 
Google&rsquo;s Mandiant recently concluded that Russia poses the greatest threat to this year&rsquo;s Olympic Games. Russia has a longstanding history of targeting the Olympics. If they cannot compete or win in the Olympics, they have previously sought to undermine the competition. After Moscow invaded Ukraine, the IOC decided Russia and Belarusian athletes could not represent their respective countries in the Paris Games. In retaliation, Russia already started conducting influence operations to tarnish the reputation of France, this year&rsquo;s host country, and the Olympics themselves. Last month, <a href="https://blogs.microsoft.com/on-the-issues/2024/06/02/russia-cyber-bots-disinformation-2024-paris-olympics/">Microsoft reported a Russian-backed disinformation campaign</a> has ramped up its activities since March with social media posts stoking fears about safety during the games, sometimes impersonating French and American intelligence agencies to issue fake warnings. 
Chinese, Iranian, and North Korean state sponsored actors also pose a risk. China and Iran have not previously been connected with major hacks against the Olympics or other sporting events. However, their state hackers could engage in some level of opportunistic cyber espionage operations against select attendees or Olympics-affiliated organizations, researchers say. North Korea has fewer stakes this year and could likely conduct opportunistic financially motivated operations or leverage the event in social engineering campaigns. 
Cybercriminals Are After the Money
While nation-state actors pursue strategic goals, cybercriminals are primarily motivated by financial gain. The Olympics provide numerous opportunities for these actors to exploit through ransomware, phishing, social engineering, and supply chain attacks. For example, entities associated with the 2020 Olympic Games in Tokyo witnessed a surge in cyber threats, mostly designed to steal financial information from victims. One instance of this was <a href="https://www.zdnet.com/article/honda-confirms-its-network-has-been-hit-by-cyber-attack/">the ransomware attack on one of Japan&rsquo;s largest corporations, Honda,</a><a>&nbsp;</a>just before the Tokyo Olympics. While not directly tied to the event, it highlighted the potential risk of disruption for entities based in or connected with the host country and/or Olympics.&nbsp;According to reporting earlier this month, a <a href="https://www.bleepingcomputer.com/news/security/ticket-heist-fraud-gang-uses-700-domains-to-sell-fake-olympics-tickets/">large-scale fraud campaign dubbed Ticket Heist</a> with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. The operation offers fake tickets to the Olympic Games and appears to take advantage of other major sports and music events. 
Some other potential opportunities that threat actors may take advantage of during and around the Olympics are:
<ul>
 <li>Cybercriminals can deploy ransomware to encrypt critical systems, demanding hefty ransoms for their release. The urgency and high stakes of the Olympics make organizations more likely to pay to avoid disruptions.</li>
 <li>With millions of viewers, bad actors can use phishing emails and social engineering tactics to steal personal information, credentials, and payment details. Fake ticket sales and fraudulent streaming services are common scams.</li>
 <li>Companies associated with the Olympics, such as sponsors, broadcasters, and service providers, are also prime targets. Cybercriminals may target these companies to access sensitive information or use them as vectors to attack the main Olympic Games infrastructure. Threat actors are betting on the fact that sometimes third-party companies&rsquo; security measures are not as robust as their ultimate target and can be an easier way to infiltrate them.</li>
</ul>
The Olympic Games are more than a sporting event; they are a symbol of global unity and excellence. However, they also present a significant target for cyberattacks from both nation-states and cybercriminals. As we approach the Olympics, it is crucial for all stakeholders to remain vigilant with their cybersecurity efforts. By doing so, we can help ensure the spirit of the Olympics is preserved and the event can proceed without digital disruption while also helping your company stay secure and minimize adverse effects by any potential cyberattacks. 
<div> <hr align="left" size="1" width="33%" />
<div>
<div id="_com_1" language="JavaScript"> </div>
</div>
</div>

The Rising Threat: Cyberattacks on the 2024 Olympic Games

The 2024 Olympic Games, set to be held in Paris between July and August, are not only a stage for athletic excellence but also a prime target for cyberattacks. With the growing intersection of technology and international events, the threat landscape has expanded, bringing increased attention to cybersecurity around the world’s largest sporting event. Both nation-state actors and cybercriminals are sure to be gearing up to exploit the event and will likely target the Olympics themselves. 

Blog

Blog

Recent

Industry News

LastPass For Admins

LastPass Labs

Product Updates

Tips And Tricks

LastPass Labs

Empowering Privacy: How to Manage, Share, and Secure Your Data

Bot activity targeting users engaging with LastPass on X platform

SMS Is Insecure. Now What?

Lateral Movement: The Hidden Pathway to Data Breaches

New Smishing Campaign Targeting LastPass Customers

Cybersecurity Threats Surrounding the U.S. Presidential Election: A Perfect Storm of Cybercriminal Activity

Fake Web Store Reviews Attempting to Steal Customer Data

Black Friday Deals Come with Cyber Risks: Keep Your Passwords Safe

The Threat from Shadow IT

Back-to-School Season Heightens Cybersecurity Threats to Education Sector

LastPass to Showcase Threat Intelligence Expertise at BlackHat USA 2024

The Rising Threat: Cyberattacks on the 2024 Olympic Games

Subscribe to stay up-to-date on the latest from the LastPass Blog