You might recall that threat actor group Lapsus$ posted screenshots in their Telegram channel of what they claim to be Okta customer data. Okta is a leading provider of authentication services and Identity and Access Management (IAM) solutions. They’re used by organizations worldwide as a single sign-on (SSO) provider, allowing employees to securely access a company’s internal systems, such as email accounts, calendars, applications and more. Okta has responded with their version of events as well.
Lapsus$ has previously claimed responsibility for the leaked proprietary data of companies such as NVIDIA and Samsung. Unlike ransomware groups, Lapsus$ does not encrypt data once they gain access. Instead, they exfiltrate the data and threaten to publish what they’ve gathered if demands are not met. The group began by focusing on Latin American victims and some security researchers suspect the group is based in Latin America.
In the interest of helping Okta customers, since it is said that over 300 customers might be affected by this, I reached out to managed security provider Nuspire, and JR Cunningham, CSO at Nuspire, was kind enough to provide these recommendations:
- Review your Okta audit logs for suspicious activity focused on superuser/admin Okta accounts.
- Rotate passwords for high-privileged accounts.
- Check for privileged accounts created around the time of the suspected breach (January 21, 2022).
Hopefully that helps companies take a security posture that helps to protect them from being the next victim of Lapsus$.
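The audit-log review and the check for newly created privileged accounts can be run as a repeatable triage over an exported Okta System Log. This is an added example, not code from Nuspire, Okta or the original post; the sample events, the seven-day window and the function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

BREACH_DATE = datetime(2022, 1, 21, tzinfo=timezone.utc)  # date given in the article
WINDOW = timedelta(days=7)  # assumption: how far either side of that date to look

# Constructed, simplified events that use Okta System Log field names.
SAMPLE_LOG = """[
 {"published":"2022-01-19T14:02:11.000Z","eventType":"user.account.privilege.grant","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"it.lead@example.com"},"target":[{"type":"User","alternateId":"longtime.admin@example.com"}]},
 {"published":"2022-01-20T23:40:05.000Z","eventType":"user.lifecycle.create","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"helpdesk.tmp@example.com"},"target":[{"type":"User","alternateId":"new.admin@example.com"}]},
 {"published":"2022-01-20T23:46:30.000Z","eventType":"user.account.privilege.grant","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"helpdesk.tmp@example.com"},"target":[{"type":"User","alternateId":"new.admin@example.com"}]},
 {"published":"2022-01-21T02:15:00.000Z","eventType":"user.account.privilege.grant","outcome":{"result":"FAILURE"},"actor":{"alternateId":"helpdesk.tmp@example.com"},"target":[{"type":"User","alternateId":"other@example.com"}]},
 {"published":"2022-03-10T09:00:00.000Z","eventType":"user.account.privilege.grant","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"it.lead@example.com"},"target":[{"type":"User","alternateId":"march.hire@example.com"}]}
]"""

def parse_ts(value):
    """Parse the ISO 8601 'published' timestamp (UTC, trailing Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(events, center=BREACH_DATE, window=WINDOW):
    """List successful admin-privilege grants inside the window, in time order,
    marking the ones whose target account was also created inside the window."""
    lo, hi = center - window, center + window
    created, findings = {}, []
    for ev in sorted(events, key=lambda e: parse_ts(e["published"])):
        ts = parse_ts(ev["published"])
        if not lo <= ts <= hi or ev.get("outcome", {}).get("result") != "SUCCESS":
            continue  # outside the window, or the action did not succeed
        users = [t["alternateId"] for t in ev.get("target", []) if t.get("type") == "User"]
        if ev["eventType"] == "user.lifecycle.create":
            created.update({u: ts for u in users})
        elif ev["eventType"] == "user.account.privilege.grant":
            for u in users:
                findings.append({
                    "user": u,
                    "granted_at": ts.isoformat(),
                    "granted_by": ev.get("actor", {}).get("alternateId"),
                    "new_account": u in created,  # created and elevated in the window
                })
    return findings

if __name__ == "__main__":
    for f in triage(json.loads(SAMPLE_LOG)):
        tag = "NEW ACCOUNT + ADMIN" if f["new_account"] else "admin grant"
        print(f'{f["granted_at"]}  {tag:20}  {f["user"]}  (by {f["granted_by"]})')
```

Every grant in the window deserves a check against change records; the entries flagged as new accounts are the ones the third recommendation is aimed at.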
This entry was posted on March 24, 2022 at 11:30 am and is filed under Commentary with tags Security.
Nuspire Provides Advice For Customers Of Okta Who Might Be Affected By The Lapsus$ Hack