{"id":2871,"date":"2022-03-31T15:04:57","date_gmt":"2022-03-31T21:04:57","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2871"},"modified":"2022-03-31T15:05:00","modified_gmt":"2022-03-31T21:05:00","slug":"companies-are-affected-after-the-okta-breach","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/31\/companies-are-affected-after-the-okta-breach\/","title":{"rendered":"Companies are affected after the Okta breach."},"content":{"rendered":"\n
\"Illustration
Okta logo is displayed in this illustration taken March 22, 2022.<\/figcaption><\/figure>\n\n\n\n

Okta Inc (OKTA.O<\/a>), whose authentication services are used to grant access to networks by firms such as FedEx Corp (FDX.N<\/a>) and Moody’s Corp (MCO.N<\/a>), and more than 15,000 clients, announced on Tuesday that it had been hacked and that some clients may have been affected. Okta reported that in the “worst-case” 366 of its clients were affected and that their “data may have been viewed or acted upon” – the company’s stock dropped 9% as a result of the announcement.<\/p>\n\n\n\n

Although the breadth of the breach is unknown, it might have significant ramifications because Okta, located in San Francisco, manages access to hundreds of firms’ networks and apps.<\/p>\n\n\n\n

Now let us get to the topic, they were hacked and this breach was carried out by the cyber-gang Lapsus$. Lapsus$ hackers utilize the same old method to get around MFA.<\/p>\n\n\n\n

\"How
picture from google<\/figcaption><\/figure>\n\n\n\n

According to Ekram Ahmed of cyber-security firm Checkpoint, the ransomware gang is a South American threat actor that has lately been linked to cyber-attacks on certain high-profile targets. The cyber-gang is infamous for extortion, threatening the publication of sensitive information if its victims do not comply with their demands.<\/p>\n\n\n\n

The gang has claimed to have broken into several high-profile firms, including Microsoft, in the past.<\/p>\n\n\n\n

The malicious activities, which granted the threat actor access to nearly 366 Okta customers, took place over a five-day period between January 16 and 21, during which the hackers carried out various phases of the attack, including privilege escalation after gaining an initial foothold, persistence, lateral movement, and internal network reconnaissance.<\/p>\n\n\n\n

The vulnerability was eventually discovered two months later, when LAPSUS$ uploaded images of the compromise on their Telegram channel on March 22.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Okta said that it just received a short report regarding the issue from Sitel on March 17 after sharing symptoms of the breach with them on January 21. The criminal gang then said on March 22, the same day it posted the screenshots, that it had gotten a copy of the full investigative report.<\/p>\n\n\n\n

The criminal gang then received a copy of the full investigative report on March 22, the same day it posted the screenshots.<\/p>\n\n\n\n

“Even when Okta received the Mandiant report in March explicitly detailing the attack, they continued to ignore the obvious signs that their environment was breached until LAPSUS$ shined a spotlight on their inaction,” Demirkapi wrote in a tweet thread.<\/p>\n\n\n\n

In a comprehensive FAQ written on March 25, the San Francisco-based firm admitted that it made a “mistake” in failing to warn its consumers about the January hack.<\/p>\n\n\n\n

“In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today,” Okta said, adding it “should have more actively and forcefully compelled information from Sitel.”<\/p>\n\n\n\n

\"Illustration
People’s miniatures are seen in front of the Okta logo in this illustration taken March 22, 2022.<\/figcaption><\/figure>\n\n\n\n

C<\/span>ompany’s<\/span> reaction after the attack: <\/strong><\/p>\n\n\n\n

Cloudflare, one of Okta’s clients, stated in a blog post that it did not believe it had been hacked.<\/p>\n\n\n\n

“There is no evidence that our system has been hacked or compromised,” FedEx told Reuters.<\/p>\n\n\n\n

Thanet, which uses Okta to make it easier for employees to manage and sign in to different apps, told BBC News that the attack “has not affected the council’s data’s security,” but that it “will continue to monitor the issue.”<\/p>\n\n\n\n

The National Cyber Security Centre in the United Kingdom claimed it has “not observed any indication of effect in the United Kingdom.”<\/p>\n\n\n\n

At last, here is a video<\/strong> from youtube which summarises it all:<\/strong><\/p>\n\n\n\n

\n