After the Okta breaches, it’s important to diversify your sources of truth when it comes to keeping your company safe. While it’s easy to turn to your company’s security team for help, they won’t always have the answers you need. Using a combination of different sources of truth can help you keep your organization protected from threats like the Okta data breach.
Identity-based attacks are the leading attack vector in today’s enterprise setting
There’s a growing need for organizations to secure their identities. In 2022, 84% of organizations reported an identity-related breach, up 6.3% from the previous year. Moreover, 78% of these organizations suffered a direct impact. This is largely because of the proliferation of attack vectors and the increasing numbers of privileged identities. The most important threat vectors include:
Active Directory is the primary target of attackers, since it grants broad access to systems and data. A weakened Active Directory can compromise an entire identity infrastructure. It can also elevate the privileges of an attacker, allowing them to execute more damaging attacks. Privileged accounts give attackers fast-tracked access to sensitive data and resources.
An attacker may gain access to information about employees, customers, healthcare records, or other sensitive data. They can also launch Distributed Denial of Service (DDoS) attacks, which overwhelm the target system and prevent it from performing normal operations. Compromised systems can also be used to mine cryptocurrency or send spam.
Another popular attack vector is phishing. Attackers can use a botnet to send phishing emails, which can be crafted to look like they came from the target organization. They can also exploit vulnerabilities in software and hardware to access a target organization’s network. For example, hackers can install malware to infect hundreds or thousands of computers. Once they have access to the targeted system, they can perform corporate espionage, launch cyber attacks, and steal sensitive data.
SQL injection
The next most common attack vector is SQL injection. Using a malicious SQL query, attackers can read and write data in a database and extract personal details and intellectual property. Additionally, attackers can alter both the data in the database and its structure. These attacks allow attackers to steal credit card information and other private business details.
One of the largest attacks of the past couple of years was a March 2021 cyber attack that targeted Microsoft Exchange. It leveraged four zero-day vulnerabilities discovered in Microsoft Exchange servers. By leveraging these vulnerabilities, the attackers injected ransomware onto affected servers. However, the attack was not detected until related applications were taken down.
Another common attack vector is the brute-force attack. This attack involves an attacker attempting to log into a target site with known or stolen passwords. Often, the attackers will use automated password-cracking tools. Other methods include social engineering, where they try to guess login credentials based on social media posts, the name of a pet, or other common phrases.
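To make the SQL injection point concrete, here is an added example (not code from the original article) showing the defect beside its fix: a lookup that splices user input into the SQL text, and the same lookup using a parameterized query. The table, the sample rows and the function names are constructed for this demonstration; it uses only Python’s built-in sqlite3 module and an in-memory database, so it runs offline.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the article).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_email_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Defective pattern: user input is concatenated into the SQL text,
    so a quote in the input changes the statement's structure and
    the WHERE clause no longer restricts which rows are returned."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_email_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened pattern: the statement is fixed and the driver binds the
    value separately, so the input is only ever compared as data."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    # A username that contains a quote and an always-true condition.
    tampered = "' OR '1'='1"
    print("vulnerable:", lookup_email_vulnerable(db, tampered))  # every row
    print("safe:      ", lookup_email_safe(db, tampered))        # no rows
    print("legit:     ", lookup_email_safe(db, "bob"))
```

The difference is structural, not about escaping: in the hardened version the database parser never sees the input as SQL, so no amount of quoting in the input can widen the query. The same rule applies to schema-changing statements, which is how the “manipulate its structure” case in the paragraph above is closed off.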
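The brute-force pattern described above is one of the easiest identity attacks to detect from authentication logs. The following is an added example (not from the original article) of the detection logic a security team would run: it reads a constructed log of login attempts, flags accounts that receive a burst of failures inside a time window, flags sources that fail against many different accounts in that window (password spraying), and raises the highest-priority signal when a success follows such a burst. The log format, field names and thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article). They contain one source
# hammering a single account and then succeeding, one source trying many
# accounts once each, and an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z auth=fail user=alice src=203.0.113.5
2024-03-01T08:00:03Z auth=fail user=alice src=203.0.113.5
2024-03-01T08:00:05Z auth=fail user=alice src=203.0.113.5
2024-03-01T08:00:07Z auth=fail user=alice src=203.0.113.5
2024-03-01T08:00:09Z auth=fail user=alice src=203.0.113.5
2024-03-01T08:00:11Z auth=ok user=alice src=203.0.113.5
2024-03-01T08:10:00Z auth=fail user=bob src=198.51.100.7
2024-03-01T08:10:02Z auth=fail user=carol src=198.51.100.7
2024-03-01T08:10:04Z auth=fail user=dave src=198.51.100.7
2024-03-01T08:10:06Z auth=fail user=erin src=198.51.100.7
2024-03-01T09:30:00Z auth=fail user=frank src=192.0.2.9
2024-03-01T09:30:30Z auth=ok user=frank src=192.0.2.9
"""

# Assumed log format: "<ISO timestamp> auth=<ok|fail> user=<name> src=<ip>".
LINE_RE = re.compile(r"^(\S+) auth=(ok|fail) user=(\S+) src=(\S+)$")


def parse_line(line: str):
    """Return (timestamp, success, user, src) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2) == "ok", m.group(3), m.group(4)


def detect_bruteforce(log_text: str,
                      window: timedelta = timedelta(minutes=5),
                      fail_threshold: int = 5,
                      spray_threshold: int = 4):
    """Single pass over the log with sliding windows per user and per source.

    Returns three sorted lists:
      targeted  - users with >= fail_threshold failures inside `window`
      spraying  - sources that failed against >= spray_threshold distinct
                  users inside `window`
      suspicious_success - users whose successful login landed while a
                  failure burst against them was still inside `window`
    """
    fails_by_user = defaultdict(deque)   # user -> failure timestamps
    fails_by_src = defaultdict(deque)    # src  -> (timestamp, user) of failures
    targeted, spraying, suspicious_success = set(), set(), set()

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ok, user, src = rec

        # Drop entries that have aged out of the window for this user.
        uq = fails_by_user[user]
        while uq and ts - uq[0] > window:
            uq.popleft()

        if ok:
            # A success right after a burst of failures is the strongest
            # indicator that a guessed or stolen password actually worked.
            if len(uq) >= fail_threshold:
                suspicious_success.add(user)
            continue

        uq.append(ts)
        if len(uq) >= fail_threshold:
            targeted.add(user)

        sq = fails_by_src[src]
        sq.append((ts, user))
        while sq and ts - sq[0][0] > window:
            sq.popleft()
        if len({u for _, u in sq}) >= spray_threshold:
            spraying.add(src)

    return sorted(targeted), sorted(spraying), sorted(suspicious_success)


if __name__ == "__main__":
    targeted, spraying, compromised = detect_bruteforce(SAMPLE_LOG)
    print("accounts under brute force:", targeted)       # ['alice']
    print("sources spraying passwords:", spraying)       # ['198.51.100.7']
    print("successes after a burst:   ", compromised)    # ['alice']
```

The two windows matter for different reasons: the per-user window catches the classic single-account attack and is what an account-lockout or step-up MFA policy keys on, while the per-source window catches spraying, which deliberately stays under any per-account lockout threshold. Note that frank’s single failed login followed by a success is not flagged, which is the false-positive case a threshold-based rule needs to get right.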
Cloud computing has made security management more challenging. While cloud environments provide a convenient way to run services and applications, they have also increased the number of unmanaged privileged identities. Moreover, the growing Bring Your Own Device (BYOD) trend poses additional challenges to network security teams.
Notifying customers whose data have been compromised can seriously impact the company’s reputation
Notification of a data breach is no joke. Companies that store consumer information have an obligation to notify their customers of the breach. If this is carried out in a timely fashion, the damage can be mitigated. But how can you go about the task in a manner that is as painless as possible? Some of the best ways to do the task include mailed letters, a toll-free phone number, and an informative website. Lastly, the best way to handle such a crisis is to engage the services of an institution that can monitor account activity for fraudulent use. These institutions will be happy to provide advice.
Despite all this, notifying customers whose data have been compromised can be a daunting task. However, there are some best practices to follow to minimize embarrassment and maximize the benefit to the customer. Thankfully, the internet is a treasure trove of information. This can be tapped to identify the culprit and avert the calamity. It’s also the perfect opportunity to show the customer that you care about their business. So, before you hit the mailbox, sift through the facts and figures and learn what you should do next. In the long run, your customers will thank you for it.
The most important part of the process is to do it in a manner that is as painless and as minimally invasive as possible. To this end, the best practices mentioned above are a must. You’ll see a much happier and more engaged workforce as a result. Those armed with the knowledge will likely reap the rewards in the form of increased customer loyalty, fewer customer service nightmares, and more money in your pocket.
Diving into a cloud-based source of truth
The Okta breach is a major security event that has reportedly affected many organizations and end users. Though it did not result in unauthorized access to customer data, the incident was a wake-up call for the company.
Okta, a cloud-based access management service, announced earlier this month that it had suffered a security breach. In the statement, the company said that it was “notifying law enforcement” of the incident, and that it had contacted its customers. It did not reveal how the attacker gained access to its systems or the extent of the damage, but it said it had placed temporary restrictions on the repository. A recent update clarifies that it is investigating whether 366 customer accounts had been impacted by the incident.
This latest incident follows a high-profile attack earlier this year that targeted Samsung and other companies. Though the scale of the compromise was not as large as some analysts had feared, Lapsus$ still claimed that it had compromised several systems. However, it does not appear that the group was able to retrieve any data from those systems, and the claims may be a bit exaggerated.
According to Okta, the extortion group gained access to a support engineer’s account through a compromised Remote Desktop Protocol (RDP) session. Through it, the extortion group had access to Okta’s Slack channels and its internal systems.
Okta also referred to a recent forensic report that revealed that the company’s sub-processor, Sitel, had been breached. During a review of the source code repositories on GitHub, Okta discovered that a handful of intruders had accessed its repositories without authorization. After reviewing the source code, Okta placed a temporary restriction on access to the repository.
GitHub
Okta stated that it was aware of the attack in late January, and that it had informed law enforcement about the incident. It later clarified that it was not able to identify the attackers. Instead, it had been alerted by GitHub, which notified the company of the suspicious activity.
It has been two months since the Lapsus$ extortion group released the first data it had gathered from Okta’s systems, which included a 37GB archive of Microsoft applications. Since then, the group has been targeting multiple large corporations, including Nvidia and Sykes Enterprises.
The extortion group has been known to employ several tactics to gain unauthorized access to systems. One tool the group used, Mimikatz, allowed it to exploit GitLab and Confluence.
Although the source code leak was not as damaging as the Okta breach, it does highlight the fact that attackers can sometimes exploit gaps between services to gain unauthorized access. As a result, it is a good idea to establish policies that limit the scope of access to cloud resources.
Another thing to know about Okta is that it does not rely on the confidentiality of its source code. However, it did cite a recent incident in which a user with a GitHub account was able to access a few of the repository’s most recent code commits.