The recent Okta security incident made us think about the combination of two attack vectors that are equally painful to deal with: the third party (or supply chain) and the identity provider. Together they are a dangerous combination.
Identity and access management (IAM) is a cybersecurity framework with a predefined set of policies, processes, and tools for defining and executing individual network roles and access privileges to various cloud and on-premises apps.
An IAM solution or tool is crucial in connecting and integrating your business with different people and resources. It is a must-have solution (as part of a greater plan) to prevent data breaches and maintain the integrity of your business data. Accordingly, the IAM market is expected to grow to more than $20 billion by 2024.
However, the recent breaches involving Okta, NVIDIA, and Microsoft are alarming for businesses that depend on IAM tools.
On March 22, a series of screenshots taken from a system used by one of Okta's third-party customer support engineers were published on Telegram. Roughly 2.5% of Okta's customers, 366 organizations, were impacted by this incident.
Okta is a popular authentication service used by thousands of governments and organizations globally as a single sign-on provider. It enables employees to securely access the company’s internal network and resources like apps, calendars, and email accounts.
The Lapsus$ hacking group claimed that it had breached the identity management platform Okta by infiltrating one of Okta's vendors, Sitel, back in January. A report further revealed that Lapsus$ used tools like Mimikatz to extract passwords and gain further access to Sitel's systems.
The extortion group has previously targeted customer support companies with weaker cybersecurity defenses. Microsoft, NVIDIA, and Roblox have experienced similar compromises of customer support agents' accounts that led to access to their internal systems.
At first, Okta dismissed the news of the attack, attributing it to an attempt by hackers in January to compromise a third-party support engineer's account. Okta later admitted that it had made a mistake by not telling customers about the security breach in January.
Okta's Chief Security Officer David Bradbury said in a statement:
"We concluded that a small percentage of customers, approximately 2.5%, have been impacted and whose data may have been viewed or acted upon."
He further added: "We have identified those customers and directly contacted them. If you are an Okta customer and have been impacted, we have already reached out directly via email. We are sharing this interim update, consistent with our values of customer success, integrity, and transparency."
Okta is facing a considerable amount of backlash and criticism from the security community for its poor handling of the compromise and the months-long delay in informing the customers.
After acknowledging the breach, the Okta CISO published a blog post on the company's website that laid out the events leading to the attack in chronological order. According to the blog, here's what happened:
Whether or not you are an Okta customer, we encourage you to take the following steps to protect your data and business:
Solvo automatically manages identity and access management for users and cloud assets, ensuring that every identity operates with the least privilege it needs. Solvo's IAMagnifier feature identifies and displays any unnecessary entities that can read your sensitive data. Removing those grants reduces the attack surface and the potential blast radius of a compromised identity.
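The two ideas above, IAM as a set of policies that map roles to privileges and the least-privilege check of "which entities can actually read this sensitive data", can be made concrete with a small policy evaluator. The following is an added example written for this post; it is not Solvo's IAMagnifier, not Okta's code, and not the AWS policy engine. It assumes AWS-style policy statements (Effect, Action, Resource with `*` wildcards, explicit Deny overriding Allow, no Conditions) and uses a constructed set of principals and policies to find who can read a sensitive bucket and which grants are over-broad.

```python
"""Simplified AWS-style IAM policy analysis: list which principals can read a
sensitive resource and flag wildcard grants. Added example for this post, not
Solvo's or Okta's code. Principal names and policies below are constructed."""
import fnmatch
from typing import Dict, List

# Constructed sample: each principal (role or user) holds IAM-style policy statements.
SAMPLE_PRINCIPALS: Dict[str, List[dict]] = {
    "role/payments-app": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::customer-pii/*"]},
    ],
    "role/marketing-analytics": [
        # Over-broad grant: every S3 action on every resource.
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]},
    ],
    "role/support-engineer": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::*"]},
        # Explicit Deny carves the sensitive bucket out of the broad read grant.
        {"Effect": "Deny", "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::customer-pii/*"]},
    ],
    "user/ci-builder": [
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": ["arn:aws:s3:::build-artifacts/*"]},
    ],
}

# Actions that count as "reading the data" for this analysis.
READ_ACTIONS = ("s3:GetObject",)


def _as_list(value) -> list:
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value: str) -> bool:
    """Case-sensitive glob match, so 's3:*' covers 's3:GetObject' and '*' covers all."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(statements: List[dict], action: str, resource: str) -> bool:
    """Simplified IAM evaluation: an explicit Deny wins over any Allow, and a
    request with no matching statement is implicitly denied. Conditions ignored."""
    allowed = False
    for st in statements:
        if _matches(st.get("Action", []), action) and _matches(st.get("Resource", []), resource):
            if st.get("Effect") == "Deny":
                return False
            if st.get("Effect") == "Allow":
                allowed = True
    return allowed


def who_can_read(principals: Dict[str, List[dict]], resource: str,
                 read_actions=READ_ACTIONS) -> List[str]:
    """Sorted list of principals able to perform any read action on the resource."""
    return sorted(name for name, stmts in principals.items()
                  if any(is_allowed(stmts, a, resource) for a in read_actions))


def flag_wildcard_grants(principals: Dict[str, List[dict]]) -> List[str]:
    """Principals holding an Allow whose Action or Resource is a bare '*',
    the most common least-privilege violation."""
    flagged = []
    for name, stmts in principals.items():
        for st in stmts:
            if st.get("Effect") != "Allow":
                continue
            if "*" in _as_list(st.get("Action", [])) or "*" in _as_list(st.get("Resource", [])):
                flagged.append(name)
                break
    return sorted(flagged)


if __name__ == "__main__":
    target = "arn:aws:s3:::customer-pii/records.csv"
    print("Can read", target, "->", who_can_read(SAMPLE_PRINCIPALS, target))
    print("Wildcard grants ->", flag_wildcard_grants(SAMPLE_PRINCIPALS))
```

Run as a script it reports that only `role/payments-app` and `role/marketing-analytics` can read the constructed `customer-pii` object; the support engineer role is blocked by its explicit Deny despite a bucket-wide read grant, which is the kind of carve-out that limits blast radius when a support account is compromised. The marketing role is also flagged for its `*` resource, the entry a least-privilege review would remove first.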
Start the free trial now, or book a demo.