Whether you realize it or not, you’ve shared your personal information. Perhaps you’ve done it by filling out an online application to a local gym, purchasing a Mother’s Day gift over the internet, or updating your benefits information with your employer’s HR services. In many of our virtual transactions, we end up willingly and sometimes unknowingly sharing personally identifiable information (PII) with online entities and their third-party affiliates.
Knowing cybercriminals would love nothing more than to get their hands on your sensitive data, online vendors and our own employers turn to third-party identity and access management service companies like Okta to protect customer and employee information.
But what happens when those same identity and access management companies in which we place our trust (and our PII) themselves fall victim to a third-party breach?
On March 21, a hacking group known as Lapsus$ posted what appeared to be visual proof that the cybercriminals had breached Okta servers. And though Okta has since attempted to frame the incident as “an unsuccessful attempt to compromise” a vendor account, Lapsus$ have reveled in the fallout, taking repeated victory laps on social media, across the dark web, and Okta’s own Telegram channel. Meanwhile, employers, employees, customers, and much of the cybersecurity community are left angry and confused.
Okta has been roundly criticized for the length of time between when the company was first notified of suspicious activity on its servers in January, and its initial public comment following the Lapsus$ Tweet in March. “[Okta] can still turn this around,” Fortalice CEO Theresa Payton told the Wall Street Journal recently, “But it’s going to require transparency in their communications.”
As more information comes to light, there are still a host of jarring questions left to answer:
We’re glad you asked.
In the near-term, Fortalice recommends all organizations increase monitoring for all system administration (or “superuser” level) activities for the previous 90 days, and ensure heightened monitoring continues. Additionally, you should test to ensure multi-factor authentication is working as you intended. (Specifically, Okta users should consider taking the extra step to reset passwords.) Lastly, take time to thoroughly review any failed login attempts, and track down any access to your systems from unknown IP addresses.
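One way to carry out the review described above (failed login attempts, successful access from unknown IP addresses, and superuser-level activity within the last 90 days), as an added example that is not Fortalice's or Okta's own tooling: a small Python triage run over constructed log lines shaped like Okta System Log records. The field names, the set of known IP addresses, and the event-type prefixes treated as admin activity are assumptions to adjust for your own tenant.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like Okta System Log JSON records (one per line).
# The field names (published, eventType, outcome.result, client.ipAddress,
# actor.alternateId) are an assumption about the export format; all values are invented.
SAMPLE_LOG = """
{"published":"2022-03-20T10:00:00Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"client":{"ipAddress":"203.0.113.7"},"actor":{"alternateId":"alice@example.com"}}
{"published":"2022-03-20T10:00:30Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"client":{"ipAddress":"203.0.113.7"},"actor":{"alternateId":"alice@example.com"}}
{"published":"2022-03-20T10:01:00Z","eventType":"user.session.start","outcome":{"result":"SUCCESS"},"client":{"ipAddress":"203.0.113.7"},"actor":{"alternateId":"alice@example.com"}}
{"published":"2022-03-19T09:00:00Z","eventType":"user.session.start","outcome":{"result":"SUCCESS"},"client":{"ipAddress":"198.51.100.10"},"actor":{"alternateId":"bob@example.com"}}
{"published":"2022-03-19T09:05:00Z","eventType":"user.account.privilege.grant","outcome":{"result":"SUCCESS"},"client":{"ipAddress":"198.51.100.10"},"actor":{"alternateId":"bob@example.com"}}
{"published":"2021-12-01T08:00:00Z","eventType":"user.session.start","outcome":{"result":"FAILURE"},"client":{"ipAddress":"192.0.2.9"},"actor":{"alternateId":"carol@example.com"}}
"""

KNOWN_IPS = {"198.51.100.10", "198.51.100.11"}  # assumed corporate egress addresses
# Event-type prefixes treated here as superuser-level activity (an assumption; tune to your tenant).
ADMIN_PREFIXES = ("user.account.privilege.", "system.api_token.", "group.privilege.")
NOW = datetime(2022, 3, 22, tzinfo=timezone.utc)  # fixed "now" so the sample is reproducible


def triage(log_text, known_ips, now, window_days=90):
    """Return failed logins per actor, successful access from unknown IPs,
    and admin-level events, all limited to the lookback window."""
    cutoff = now - timedelta(days=window_days)
    failed, unknown_ip, admin = {}, [], []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        published = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
        if published < cutoff:
            continue  # outside the 90-day review window
        actor, ip = ev["actor"]["alternateId"], ev["client"]["ipAddress"]
        etype, result = ev["eventType"], ev["outcome"]["result"]
        if etype == "user.session.start" and result == "FAILURE":
            failed[actor] = failed.get(actor, 0) + 1
        if result == "SUCCESS" and ip not in known_ips:
            unknown_ip.append((actor, ip, etype))
        if etype.startswith(ADMIN_PREFIXES):
            admin.append((actor, ip, etype))
    return {"failed_logins": failed, "unknown_ip_access": unknown_ip, "admin_activity": admin}


def run_sample():
    return triage(SAMPLE_LOG, KNOWN_IPS, NOW)


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(key, value)
```

Against the sample, the event from December 2021 falls outside the 90-day window and is ignored, Alice's two failures and her later success from an unlisted address are surfaced, and Bob's privilege grant appears under admin activity.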
We at Fortalice believe preparation is the best strategy to protect an organization, so if you’re looking to strengthen your cybersecurity posture and prepare for the next cyber threat, here’s how Fortalice can help:
For additional information on Fortalice Solutions service offerings, contact the team via email at firstname.lastname@example.org.
To report a cyber incident, you can call the FBI's 24/7 CyWatch at (855) 292-3937 or email them at CyWatch@fbi.gov. And for the latest from Okta on the January 2022 Compromise: https://www.okta.com/blog/2022/04/okta-concludes-its-investigation-into-the-january-2022-compromise/.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgment when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.