Okta Customers Targeted In Social Engineering Attacks
Okta customers have been targeted in a social engineering scam, the company said. On Friday it warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions:
In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against their IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all Multi-factor Authentication (MFA) factors enrolled by highly privileged users.
The attackers then leveraged their compromise of highly privileged Okta Super Administrator accounts to abuse legitimate identity federation features that enabled them to impersonate users within the compromised organization.
That’s pretty scary. I’ll explain why in a moment. John Gunn, CEO of Token, had this comment:
Cybercriminal organizations intentionally and smartly target the organizations that have the richest assets and that will pay the highest ransoms, and with that they focus on compromising the users that have the greatest privileges to gain immediate access to applications and data they are targeting. Because of Okta’s market dominance they are able to get a perspective not available to others and they share this with the market to the benefit of all.
So, why do I think that this is scary? It once again proves that the weakest link in cybersecurity is the people. This sort of attack will not work if people are properly trained and that training is constantly reinforced with “secret shopper” type exercises where people pretend to be threat actors and target the recipients of the training to see if the knowledge is retained. Thus companies need to get onto that train as quickly as possible to bolster their defences.
This entry was posted on September 7, 2023 at 7:59 am and is filed under Commentary with tags Hacked, Okta.