Sunday, May 22, 2022

Okta says security protocols limited the hack, but the response came too slow

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

After revealing a hack affecting its authentication platform, Okta has maintained that the effects of the breach were largely mitigated by security protocols and reiterated that users of the service will not be required to take corrective action as a result.

The statements were made Wednesday morning by David Bradbury, chief security officer at Okta, in a video call with customers and press.

On Monday, hacking group Lapsus$ released images showing that the group had compromised Okta’s internal systems, putting thousands of businesses that rely on the authentication tool on high alert.

“Sharing these screenshots is an embarrassment to myself and the entire Okta team,” Bradbury said at the start of the conversation. “Today I want to give my perspective on what happened and where we are with this investigation.”

During a ten-minute briefing, Bradbury said the hackers compromised Okta’s systems by remotely accessing a machine owned by an employee of Sitel — a company outsourced to provide customer service functions for Okta. Using a remote desktop protocol, the hackers were able to enter commands into the compromised machine and view the monitor output, allowing them to take screenshots, Bradbury said.

None of Okta’s systems were directly compromised, the CSO said, but the Sitel support engineer’s machine was logged into Okta when it was compromised and remained so from the date of the compromise on Jan. 16 until the Okta security team was notified and the account was suspended on January 21st.

However, because Okta applies least-privilege access controls – under which a network user is allowed to perform only the minimal set of actions necessary for their job – the hackers were limited in what they could reach through a support technician’s account, leading Okta to declare that no corrective action was required from users of the service.

Details of the breach were collected by a forensic investigation firm that was called in shortly after the unauthorized access was discovered, but the full report had only been provided to Okta recently, according to Bradbury.

“I am deeply disappointed at the length of time that has elapsed between our first notification to Sitel in January and the publication of the full investigation report just hours ago,” Bradbury said.

While the ramifications of the breach appear less severe than previously feared, the Lapsus$ hacker group is emerging as a prolific and persistent threat after conducting confirmed hacks against a number of major tech companies and claiming responsibility for other incidents that have not yet been specifically attributed to the group.

On Tuesday — the same day the Okta hack was confirmed — Lapsus$ also posted source code stolen from Microsoft’s Bing and Cortana products, obtained by compromising an employee account.

The graphics card manufacturer Nvidia was also hacked by the group at the end of February, with employee login details leaked online. In a similar time frame, Lapsus$ claimed responsibility for a breach of South Korean tech giant Samsung, which involved obtaining source code for Galaxy devices, and also suggested the group was responsible for a “cyber security incident” involving game developer Ubisoft.

Security professionals see the group as a sophisticated and versatile threat actor and advise potential targets to proactively guard against compromise methods.

“This group’s all-in approach to attacking its victims with ransom, sim swapping, exploits, dark web exploration and trustworthy phishing tactics demonstrates the focus and open toolbox used to achieve its goals,” says Mark Ostrowski, chief of engineering at Check Point Software. “Businesses and organizations around the world need to focus on teaching these tactics to their users, deploying prevention strategies in all aspects of their cybersecurity programs, and inventorying all entry points looking for potential vulnerabilities.”
