As we approach the end of the year, LastPass Labs has reviewed the last 12 months to take account of the threat environment and how it has changed, as well as our accomplishments. Throughout 2023, the Threat Intelligence, Mitigation, and Escalations (TIME) team focused on rapidly expanding our capabilities to protect our customers from phishing sites and/or infostealers.
A major part of this effort has focused on disrupting threat actors’ efforts and has included working in conjunction with our partners at Fortra’s PhishLabs. This continues to be a critical mission for us as we try to proactively address threats to our customers by disrupting threat actors’ tactics to obtain your password(s) outside of the LastPass system at the endpoint (i.e., your device). With our zero-knowledge model, only you can unlock your encrypted vault with your master password, but once you decrypt and access your passwords on your device, you could be more vulnerable against any malware or phishing on your device.
For example, if your computer is infected with an infostealer, the malware will be able to exfiltrate your passwords without our (or frequently your) knowledge. Additionally, you could unknowingly provide your passwords to phishing site. To address these threats, we continue to disrupt these malware families and these phishing sites as quickly and effectively as possible. This includes: 1) working with PhishLabs to identify those infostealers we frequently see selling LastPass customer data on the dark web to try and disrupt these infostealers’ infrastructures; and 2) monitoring for and quickly taking down phishing sites. We are incredibly proud of this partnership and what we’ve accomplished this year. See our blog on our collaboration with PhishLabs from earlier this year here.
With that work, we are pleased to announce that we have seen an approximate 98% decrease in available LastPass customer data on infostealer logs from April to December of this year. Although this could be due to a variety of reasons, our ongoing disruption campaign against threat actors seeking our customers’ information has played a pivotal role. Please know this is just the beginning of our work and we look forward to doing everything we can to help protect our customers and their data.
For more information on steps you can take to help protect yourself against phishing emails, please see this blog post from LastPass' Chief Secure Technology Officer, Christofer Hoff. You can also find more technical details on our legitimate email domains here.
For LastPass customers who want to report a suspicious email, please forward any questionable emails to [email protected] and our team will take the appropriate action from there.
Courtesy of the LastPass Blog and written by Mike Kosak, Senior Principal Intelligence Analyst at LastPass.