Threat Advisory: Okta Compromise

by Security Centric, on 24/03/2022 8:48:01 AM

News came to light recently from a threat actor group that authentication provider Okta had been compromised by one of their members. 

Okta later confirmed this, saying that an account of one of their customer support engineers had been accessed. Okta reported that after investigation it appears that 2.5% of their users were affected whose data may have been impacted or acted upon. While Okta has said they have already identified and reached out to those customers who were affected, it further amplifies the focus that malicious actors have on cyber supply chains. 

If you're concerned about your environment in light of this incident, our engineering team has put together a list of recommendations that can help keep you more secure: 

  • Enable Multi Factor Authentication (MFA) for all user accounts. Depending on passwords alone do not offer the necessary level of protection against attacks.
  • We strongly recommend the usage of hard keys, as other methods of MFA can be vulnerable to phishing attacks.
  • Investigate and respond:
    • Check all passwords and any MFA changes for your Okta instances.
    • Pay special attention to support initiated events.
    • Make sure all password resets are valid or just assume they are all under suspicion and force a new password reset.
    • During your investigation if you find any suspicious MFA-related events, make sure only the valid MFA keys are present in the user's account configuration.
    • Implement other security layers to provide extra security defenses in case one of them fails.
If you have further concerns at this time, please do not hesitate to contact us to talk with a security expert. 
Topics:Threat Advisory


Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates