Digital assault on Passwordstate undermines faith in password storage systems
Passwordstate, an Australian password manager for enterprise users, has fallen victim to a backdoor attack. The attack exposed users for approximately 28 hours last week.
The unknown threat actor behind the attack compromised an in-place security upgrade for the product. They used a malformed ZIP file, which then downloaded a rogue DLL file, allowing the attackers to exfiltrate computer system data, passwords, and other sensitive information.
Click Studios, Passwordstate's parent company, has confirmed the incident and is working closely with the Australian Cyber Security Centre (ACSC) and international cybersecurity partners to monitor the situation and provide advice to affected organisations. The ACSC has also stated that they are monitoring the incident.
The attack on Passwordstate has raised questions about the effectiveness of password managers, especially for applications that cannot be integrated with other security controls like SSO, SAML, and OIDC, and for privileged accounts like database administrators. It has also sparked concerns about trust in enterprise password managers.
David Chase, senior research director at Gartner, commented on the impact of the attack, stating that it may vary from serious for some organisations to minimal for others. Darren Guccione, co-founder and CEO of Keeper Security, added that the incident raises questions about the security of enterprise systems that are operated on-premises versus cloud-based systems.
Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, expressed concern that the ramifications of the attack on Passwordstate will affect all users of the service. Security researchers at CSIS Group have also gone public about the malicious attack.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has not provided any specific details about its involvement in the incident. Click Studios claims that only a small number of customers have been affected by the cyberattack.
7Elements, a cybersecurity consultancy, is involved in the investigation of the backdoor attack on Passwordstate. The identity of the threat actor behind the incident remains unknown, with experts suggesting they are likely non-state actors.
The attack on Passwordstate occurred amid heightened demand for enterprise password managers, driven by months of supply chain and ransomware attacks against major companies and government agencies. This incident serves as a reminder for all organisations to prioritise cybersecurity measures and to stay vigilant against potential threats.