March 24, 2022

Okta, the Identity and Access Management platform, has a huge problem on its hands. The company, used by thousands of organizations around the world, has been compromised by Lapsus$, a (likely) Brazilian-based digital-extortion gang.

To make matters worse, Lapsus$ compromised an Okta corporate super-user account way back in January, and the world is only finding out about it now, just over two months later.

What happened?

Nobody is completely sure. Okta is remaining pretty tight-lipped.

Based on a statement released by Todd McKinnon, Okta’s CEO, the breach happened after an engineering subcontractor was targeted and exploited by Lapsus$. This gave the extortion group access to every service Okta uses behind the scenes.

According to McKinnon, the unusual activity was noticed almost immediately and contained, but Lapsus$ seems to be indicating otherwise (without offering any proof, unfortunately).

What should you do?

If you’re an Okta user? Head for the hills, running and screaming while your arms flail wildly above your head.

Okay, don’t do that. That doesn’t help anybody. On a more helpful note, our business partner Cloudflare (itself an Okta customer) has offered some pretty good advice:

  1. Enable MFA for all user accounts. Passwords alone do not offer the necessary level of protection against attacks. We strongly recommend the usage of hard keys, as other methods of MFA can be vulnerable to phishing attacks.
  2. Investigate and respond:
    a. Check all password and MFA changes for your Okta instances.
    b. Pay special attention to support-initiated events.
    c. Make sure all password resets are valid or just assume they are all under suspicion and force a new password reset.
    d. If you find any suspicious MFA-related events, make sure only valid MFA keys are present in the user’s account configuration.
  3. Make sure you have other security layers to provide extra security in case one of them fails.
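As an added illustration of step 2 (not code from the original post or from Cloudflare), here is a small Python review of Okta System Log events that lists every password or MFA change and marks those that closely follow a support impersonation session on the same user. The sample events are constructed, and the eventType names are assumed to follow Okta's System Log naming; confirm them against your own tenant's log before relying on them.

```python
import json
from datetime import datetime, timedelta

# Okta System Log eventType values for the changes Cloudflare says to check.
# Assumed naming: verify against your tenant's log before using in production.
CREDENTIAL_EVENTS = {
    "user.account.reset_password",
    "user.account.update_password",
    "user.mfa.factor.activate",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.update",
}
IMPERSONATION_START = "user.session.impersonation.initiate"
SUPPORT_WINDOW = timedelta(hours=24)  # how long after impersonation a change counts as support-initiated

# Constructed sample log: a support impersonation session followed by an MFA reset
# on the impersonated user, plus an ordinary self-service password reset.
SAMPLE_LOG = [
    {"eventType": IMPERSONATION_START, "published": "2022-01-21T08:02:11.000Z",
     "actor": {"alternateId": "support@example.invalid"},
     "target": [{"type": "User", "alternateId": "alice@example.invalid"}]},
    {"eventType": "user.mfa.factor.reset_all", "published": "2022-01-21T08:15:40.000Z",
     "actor": {"alternateId": "support@example.invalid"},
     "target": [{"type": "User", "alternateId": "alice@example.invalid"}]},
    {"eventType": "user.account.reset_password", "published": "2022-01-22T10:00:00.000Z",
     "actor": {"alternateId": "bob@example.invalid"},
     "target": [{"type": "User", "alternateId": "bob@example.invalid"}]},
]

def _when(event):
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%S.%fZ")

def _user_targets(event):
    return {t["alternateId"] for t in event.get("target", []) if t.get("type") == "User"}

def review_credential_changes(events):
    """One finding per password/MFA change; flags self-service vs. changed by someone
    else, and whether a support impersonation of that user preceded it in the window."""
    impersonations = [(e, _user_targets(e)) for e in events if e["eventType"] == IMPERSONATION_START]
    findings = []
    for e in events:
        if e["eventType"] not in CREDENTIAL_EVENTS:
            continue
        for user in _user_targets(e):
            support_initiated = any(
                user in targets and timedelta(0) <= _when(e) - _when(imp) <= SUPPORT_WINDOW
                for imp, targets in impersonations)
            findings.append({"user": user, "event": e["eventType"], "actor": e["actor"]["alternateId"],
                             "self_service": e["actor"]["alternateId"] == user,
                             "support_initiated": support_initiated})
    return findings

if __name__ == "__main__":
    print(json.dumps(review_credential_changes(SAMPLE_LOG), indent=2))
```

Any finding with `support_initiated` true, or changed by an actor other than the user, is one to confirm with the user before trusting the new credential or factor.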

While that advice is offered in direct relation to the Okta breach, it’s pretty good advice for anybody using an IAM platform in general. Heck, it’s good advice for everybody. Good password hygiene is important. Multi-factor authentication is important. These are the things everyone should be implementing across the board to keep their environment(s) safe from digital intruders whose main goal is to completely ruin your day, if not your life.

Remember, you’re only as strong as the weakest link in your chain. Don’t let something like this happen to you. It’s easily preventable.

Carl Keyser is the Content Manager at Integris.
