March 24, 2022

Okta, the Identity and Access Management platform, has a huge problem on its hands. The company, used by thousands of organizations around the world, has been compromised by Lapsus$, a (likely) Brazil-based digital-extortion gang.

To make matters worse, Lapsus$ compromised an Okta corporate super-user account way back in January, and the world’s only finding out about it now, just over two months later.

What happened?

Nobody is completely sure. Okta is remaining pretty tight-lipped.

Based on a statement released by Todd McKinnon, Okta’s CEO, the breach happened after an engineering subcontractor was targeted and exploited by Lapsus$. This gave the extortion group access to every service Okta uses behind the scenes.

According to McKinnon, the unusual activity was noticed almost immediately and contained, but Lapsus$ seems to be indicating otherwise (without offering any proof, unfortunately).

What should you do?

If you’re an Okta user? Head for the hills, running and screaming while your arms flail wildly above your head.

Okay, don’t do that. That doesn’t help anybody. On a more helpful note, our business partner, Cloudflare (an Okta customer themselves), has offered some pretty good advice:

  1. Enable MFA for all user accounts. Passwords alone do not offer the necessary level of protection against attacks. We strongly recommend the usage of hard keys, as other methods of MFA can be vulnerable to phishing attacks.
  2. Investigate and respond:
    a. Check all password and MFA changes for your Okta instances.
    b. Pay special attention to support-initiated events.
    c. Make sure all password resets are valid or just assume they are all under suspicion and force a new password reset.
    d. If you find any suspicious MFA-related events, make sure only valid MFA keys are present in the user’s account configuration.
  3. Make sure you have other security layers to provide extra security in case one of them fails.
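
One way to work through step 2 against an exported Okta System Log, shown as an added example (not code from Cloudflare or Okta). The `triage` function and the sample events are constructed for illustration, and treating `system@okta.com` as the actor that marks a support-initiated event is an assumption to confirm against your own logs.

```python
from collections import defaultdict

# Okta System Log event types for password and MFA changes (verify against your tenant).
WATCHED = {
    "user.account.reset_password", "user.account.update_password",
    "user.mfa.factor.update", "user.mfa.factor.activate",
    "user.mfa.factor.deactivate", "user.mfa.factor.reset_all",
    "system.mfa.factor.deactivate",
}
# ASSUMPTION: actor.alternateId values that mark a support-initiated event in your logs.
SUPPORT_ACTORS = {"system@okta.com"}

def triage(events, support_actors=SUPPORT_ACTORS):
    """Group watched events by affected user and flag the follow-up each one needs."""
    report = defaultdict(lambda: {"force_reset": False, "review_factors": False,
                                  "support_initiated": []})
    for ev in events:
        etype = ev.get("eventType", "")
        if etype not in WATCHED:
            continue
        actor = (ev.get("actor") or {}).get("alternateId") or "unknown"
        # The affected account is the User target; fall back to the actor if none is listed.
        users = [t.get("alternateId") for t in ev.get("target") or []
                 if t.get("type") == "User" and t.get("alternateId")]
        for user in users or [actor]:
            entry = report[user]
            entry["force_reset"] |= "password" in etype      # step 2c: reset is suspect
            entry["review_factors"] |= ".mfa." in etype      # step 2d: check enrolled keys
            if actor.lower() in support_actors:               # step 2b: support-initiated
                entry["support_initiated"].append((ev.get("published"), etype))
    return dict(report)

# Constructed sample events in the shape of an Okta System Log export.
SAMPLE = [
    {"published": "2022-01-20T23:46:00Z", "eventType": "user.account.reset_password",
     "actor": {"alternateId": "system@okta.com"},
     "target": [{"type": "User", "alternateId": "alice@example.com"}]},
    {"published": "2022-01-21T09:02:00Z", "eventType": "user.mfa.factor.deactivate",
     "actor": {"alternateId": "bob@example.com"},
     "target": [{"type": "User", "alternateId": "bob@example.com"}]},
    {"published": "2022-01-21T09:05:00Z", "eventType": "user.session.start",
     "actor": {"alternateId": "carol@example.com"}, "target": []},
]

if __name__ == "__main__":
    for user, flags in sorted(triage(SAMPLE).items()):
        print(user, flags)
```

Users flagged `force_reset` get a forced password reset, and users flagged `review_factors` get their enrolled MFA factors checked by hand.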

While that advice is offered in direct relation to the Okta breach, it’s pretty good advice for anybody using an IAM platform in general. Heck, it’s good advice for everybody. Good password hygiene is important. Multi-factor authentication is important. These are the things everyone should be implementing across the board to keep their environment(s) safe from digital intruders whose main goal is to completely ruin your day, if not your life.

Remember, you’re only as strong as the weakest link in your chain. Don’t let something like this happen to you. It’s easily preventable.

Carl Keyser is the Content Manager at Integris.
