The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments:
The GoTo attack has already had a major impact. In December, GoTo's LastPass secure password management division announced that the incident resulted in a subsequent hack of its cloud infrastructure and the theft of backups containing basic customer account information and - more importantly - customer vault data from the encrypted storage container including (fully-encrypted) fields such as website usernames and passwords, secure notes, and form-filled data. The company said it engaged the security firm Mandiant to investigate the incident and that the subsequent investigation revealed that attackers detected "unusual activity within our development environment and third-party cloud storage service," which is shared by both GoTo and its affiliate, LastPass.
If one area of your business was breached - how sure are you that it would be contained to that area and not spread out to the rest of your environment (including dev and prod)? Would you even notice the lateral spread of an attacker? Deploying a microsegmentation solution is a critical piece of a Zero Trust strategy. A good microsegmentation deployment will give you both visibilty and control to limit the spread - even if you haven’t deployed in a full segmentation mode. Continuous authentication including robust MFA and Zero Trust access are other key pieces which can also help limit your exposure.
Key lesson - assume you will be breached (or you already are!) - how are you limiting the damage from that breach?