Okta announced that threat actors breached its customer support system and accessed some of its clients' files. The attackers used stolen credentials to get into the system.
GitHub, Apple, Hewlett Packard, Zoom, FedEx, Mitsubishi Heavy Industries and many others use Okta's identity and access management services. This makes Okta a very attractive target: a similar breach could give attackers a path into other companies' systems.
However, the system breach Okta disclosed on Friday does not impact client systems. The attack only impacted the support platform.
The Okta data breach impact
Okta's Chief Security Officer, David Bradbury, confirmed that the breach involved unauthorized viewing of customer support case files. According to his statement:
The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.
It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.
David Bradbury, Okta Chief Security Officer
The problem is that those files contained session tokens, which attackers could use to impersonate legitimate users. While Bradbury said that all affected customers have been notified, this data breach raises critical questions about Okta's security practices.
Earlier this week, Okta's technology partner Cloudflare announced that hackers had tried to target its systems using an authentication token compromised at Okta.
Reportedly, the attackers tried to use the token to pivot into Cloudflare's Okta instance. Cloudflare's Security Incident Response Team contained the incident and said no customer data or systems were affected. They also highlighted the importance of enforcing MFA at every sign-on and advised stronger hardware MFA for all Okta admins.
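The risk described above is that a diagnostic file handed to a support desk carries live session material. As an added illustration (not code from Okta, Cloudflare or the article), the scrubber below redacts cookies, credential headers and token fields from a browser HAR capture before it leaves the customer's hands; the HAR format and the token key names are assumptions, since the page only says the files contained session tokens.

```python
import copy
import re

# Header names whose values carry credentials or session material.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}
# JSON body keys that carry a token (assumed names, including Okta's sessionToken).
BODY_TOKEN_RE = re.compile(r'("(?:sessionToken|access_token|id_token)"\s*:\s*")[^"]*(")')
REDACTED = "[REDACTED]"

def _redact_pairs(pairs, names=None):
    """Blank each {name, value} pair whose name is in `names` (all pairs if None)."""
    n = 0
    for item in pairs:
        if names is None or item.get("name", "").lower() in names:
            item["value"] = REDACTED
            n += 1
    return n

def scrub_har(har):
    """Return (redacted deep copy, redaction count); a non-zero count means a leak was averted."""
    out = copy.deepcopy(har)
    n = 0
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            n += _redact_pairs(msg.get("headers", []), SENSITIVE_HEADERS)
            n += _redact_pairs(msg.get("cookies", []))  # any cookie may be a session id
            text = msg.get("content", {}).get("text")
            if isinstance(text, str):
                msg["content"]["text"], k = BODY_TOKEN_RE.subn(rf"\1{REDACTED}\2", text)
                n += k
    return out, n

# Constructed sample capture (not from the incident): a login call that sets a session cookie.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"method": "POST", "url": "https://example.okta.invalid/api/v1/authn",
                "headers": [{"name": "Cookie", "value": "sid=abc123"},
                            {"name": "Content-Type", "value": "application/json"}],
                "cookies": [{"name": "sid", "value": "abc123"}]},
    "response": {"status": 200,
                 "headers": [{"name": "Set-Cookie", "value": "sid=def456; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "def456"}],
                 "content": {"mimeType": "application/json",
                             "text": '{"status":"SUCCESS","sessionToken":"20111abc"}'}},
}]}}

if __name__ == "__main__":
    clean, redactions = scrub_har(SAMPLE_HAR)
    print(f"{redactions} values redacted")
```

Refusing to attach a file whose redaction count was non-zero before scrubbing, or logging that count, gives the support workflow a record of how often live sessions were about to be shared.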
Multi-factor authentication and access management best practices
Now, let’s talk about the elephant in the room – multi-factor authentication and sensitive data protection.
Stronger security measures, such as robust MFA and Privileged Access Management tools, could have prevented or mitigated this breach.
Some of the security measures I recommend for preventing such cases are:
- never share credentials; your credentials should not be accessible to other internal users
- use a different password for each platform you log in to
- work only on assigned devices that use security measures and are managed through your Credential Management System (CMS)
- follow the principle of least privilege to limit the number of people who can access sensitive data
- enforce a zero-trust security model
Okta has faced several security incidents in the past. A social engineering attack targeted the company last month, and the Lapsus$ group breached Okta's systems last year.
It's true that Okta is a very appealing target for hackers, so it may be targeted more often by professional threat groups. However, this only means that stronger security measures are mandatory.