Category Archives: Breach

Okta’s Cybersecurity Breach: A Deep Dive into its Impact and Implications

Okta, a leading identity management solution provider, recently faced a cyberattack that has sent ripples throughout the tech and financial sectors. Here’s what you need to know:

1. Financial Aftermath:

Okta’s market value took a significant hit following the breach’s disclosure. Its shares plummeted by 11% on the announcement day and 8.1% the following Monday. This decline equates to a staggering loss of over $2 billion in market capitalization.

2. Details of the Attack:

While specifics are limited, an anonymous hacker group accessed client data through Okta’s support system. The extent and nature of the accessed data remain undisclosed, raising concerns and speculation within the cybersecurity community.

3. Okta’s Integral Role in the Tech Ecosystem:

If you’re unfamiliar with Okta, it’s worth noting its pivotal role in the digital space. With a clientele of over 18,000 companies, Okta offers single login solutions for multiple platforms. Big names like Zoom integrate with Okta to consolidate access to platforms such as Google Workspace, VMware, ServiceNow, and Workday.

4. Client Communication Controversy:

In the aftermath of the breach, Okta claimed it had notified all impacted clients. However, this narrative was challenged by BeyondTrust. The identity management firm revealed it had spotted and reported suspicious activity to Okta weeks before the public disclosure. BeyondTrust’s report emphasized their belief in a probable larger compromise within Okta, a concern initially downplayed by the latter.

5. History Repeats? Past Breaches Involving Okta:

It’s not the first time Okta has been in the cybercrime spotlight. Earlier in the year, casino magnates Caesars and MGM were victims of cyberattacks that targeted their Okta installations. These attacks resulted in losses exceeding $100 million. Moreover, the modus operandi included advanced social engineering tactics executed via IT help desks.

In a separate incident earlier this year, hacker group Lapsus$ allegedly infiltrated several Okta systems. This group has been associated with breaches at high-profile companies like Uber and Rockstar Games.

Final Thoughts:

The recent breach underscores the need for heightened cybersecurity measures, especially for firms integral to the tech infrastructure, like Okta. As digital reliance grows, so does the responsibility to protect client data and maintain trust. The incident serves as a reminder for corporations to evaluate and bolster their cybersecurity defenses constantly.

Other Articles:

CNBC: Okta cybersecurity breach wipes out more than $2 billion in market cap

Fast Company: Gen Z hackers created a sophisticated new playbook for cyberattacks.

Reuters: Hackers who breached casino giants MGM and Caesars also hit three other firms.

Okta’s Security Breach: A Ripple Effect in the Realm of Cybersecurity

In the interconnected world of cybersecurity, when a service as integral as Okta experiences a breach, the shockwaves are felt far and wide. Okta, a cornerstone in the identity and access management arena, recently faced a security incident that has raised eyebrows across the cybersecurity community. The incident wasn’t just a solitary event but triggered a cascade of security alerts and potential breaches across various high-profile companies, including BeyondTrust and Cloudflare.

The breach, as reported, originated when threat actors used stolen credentials to gain unauthorized access to Okta’s support case management system. This access allowed them to view sensitive files uploaded by certain customers, including HTTP Archive (HAR) files, which are typically shared with support for troubleshooting. These files record the browser’s traffic, including session tokens and cookies, which, in the wrong hands, act as a skeleton key for user impersonation and unauthorized system access.

Okta, a service entrusted with authentication and single sign-on for thousands of companies worldwide, including government agencies, was quick to respond. Okta’s Chief Security Officer, David Bradbury, confirmed that the company took immediate steps to protect its customers, including revoking the session tokens embedded in the exposed files. However, the number of customers impacted by this breach remains undisclosed, raising questions and concerns in the security community.

The ripple effect of this breach became evident when BeyondTrust, a company specializing in identity management, revealed that they detected suspicious activities linked to the Okta breach as early as October 2nd. The attackers reportedly used a stolen session cookie from Okta’s system to try and gain a foothold in BeyondTrust’s environment. Despite the prompt response and the containment measures by BeyondTrust, the delay between detecting suspicious activities and Okta’s confirmation of the breach—a span of over two weeks—is concerning.

Similarly, Cloudflare experienced an attempted breach on October 18th, where threat actors used a compromised authentication token from Okta’s breach to try and penetrate Cloudflare’s systems. Thankfully, in both instances, the companies’ security protocols held strong, and no significant harm was reported.

This incident highlights a critical aspect of cybersecurity: the chain-reaction effect. A breach in one area can have a domino effect, leading to attempted breaches across many interconnected systems. Especially in cases where a service like Okta, central to many organizations’ identity verification processes, is involved, the potential for widespread impact is immense.

BeyondTrust’s advisory aptly stressed the complexity of modern identity-based attacks, underlining that such attacks can spring from outside an organization’s own environment. They emphasized the necessity of robust policies and internal controls, particularly concerning how sensitive files like HAR files are shared and handled. The incident underscores the concept of defense in depth: the failure of a single control should not, on its own, result in a breach.
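The handling control BeyondTrust points at is concrete: a HAR file should have its credentials stripped before it is uploaded to any support system. The following is an added example (not code from Okta, BeyondTrust or the original post) showing one way to do that in Python. It walks the HAR 1.2 structure, redacts Authorization and Cookie-type headers, every cookie value, token-bearing query parameters and request bodies, and then re-checks the result for known secret strings before sharing. The sample HAR, the tenant hostname and the lists of sensitive header and parameter names are constructed assumptions; extend the lists for your own applications.

```python
import copy
import json
import urllib.parse

REDACTED = "[REDACTED]"

# Header names whose values carry credentials or session material (matched case-insensitively).
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie", "set-cookie",
    "x-api-key", "x-csrf-token", "x-xsrf-token",
}
# Query-string parameter names that commonly carry tokens (assumed list; extend for your apps).
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token", "code", "session"}

# Constructed sample HAR (HAR 1.2 layout) for a hypothetical tenant: one request that
# carries a bearer token, a session cookie and a token in the query string.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://example-tenant.invalid/api/v1/users/me?access_token=abc123&v=2",
        "headers": [
            {"name": "Authorization", "value": "Bearer eyJhbGciOi.constructed"},
            {"name": "Cookie", "value": "sid=s3cr3t; theme=dark"},
            {"name": "Accept", "value": "application/json"},
        ],
        "cookies": [{"name": "sid", "value": "s3cr3t"}, {"name": "theme", "value": "dark"}],
        "queryString": [{"name": "access_token", "value": "abc123"}, {"name": "v", "value": "2"}],
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=n3wvalue; Secure; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "n3wvalue"}],
        "content": {"mimeType": "application/json", "text": "{\"id\": \"00u1\"}"},
    },
}]}}


def _redact_pairs(pairs, sensitive_names):
    """Redact the value of each {name, value} pair whose name is sensitive; return how many."""
    hits = 0
    for pair in pairs:
        if pair.get("name", "").lower() in sensitive_names:
            pair["value"] = REDACTED
            hits += 1
    return hits


def _redact_url(url):
    """Replace the value of sensitive query parameters inside a URL; return (url, how many)."""
    parts = urllib.parse.urlsplit(url)
    cleaned, hits = [], 0
    for name, value in urllib.parse.parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            value, hits = REDACTED, hits + 1
        cleaned.append((name, value))
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(cleaned))), hits


def sanitize_har(har):
    """Return (sanitized deep copy, number of values redacted); the input is left untouched."""
    clean = copy.deepcopy(har)
    total = 0
    for entry in clean["log"]["entries"]:
        req, resp = entry.get("request", {}), entry.get("response", {})
        total += _redact_pairs(req.get("headers", []), SENSITIVE_HEADERS)
        total += _redact_pairs(resp.get("headers", []), SENSITIVE_HEADERS)
        # Every cookie is treated as session material, whatever it is called.
        for side in (req, resp):
            for cookie in side.get("cookies", []):
                cookie["value"] = REDACTED
                total += 1
        if "url" in req:
            req["url"], hits = _redact_url(req["url"])
            total += hits
        total += _redact_pairs(req.get("queryString", []), SENSITIVE_PARAMS)
        # Request bodies (login forms, token exchanges) are dropped wholesale.
        if "text" in req.get("postData", {}):
            req["postData"]["text"] = REDACTED
            total += 1
    return clean, total


def leaked_values(har, secrets):
    """Pre-share check: which of the given secret strings still appear anywhere in the HAR."""
    blob = json.dumps(har)
    return [s for s in secrets if s in blob]


if __name__ == "__main__":
    clean, n = sanitize_har(SAMPLE_HAR)
    print(f"redacted {n} values; still leaking: {leaked_values(clean, ['s3cr3t', 'abc123', 'n3wvalue'])}")
```

The second function is the part worth keeping in a support workflow: redaction lists are never complete, so the file should be grepped for the actual session identifiers of the person who captured it before it leaves their machine, and the token revocation Okta performed after the fact is the fallback, not the control.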

Notably, this isn’t the first time Okta has found itself in the crosshairs. Last year, the company reported that a breach at one of its third-party contractors allowed the Lapsus$ group to access customer information. In a separate incident in 2022, Okta also acknowledged that threat actors had accessed its source code through compromised GitHub repositories.

As the dust settles on this latest security incident, it’s a stark reminder to companies about the importance of stringent cybersecurity protocols, constant vigilance, and the implementation of multi-layered security defenses. It also underscores the need for transparency and prompt communication in the event of security breaches, given the potential for such incidents to have far-reaching consequences. It’s yet another wake-up call for users and organizations to practice caution, continually reassess security postures, and stay informed in an ever-evolving cybersecurity landscape.

1Password

Okta Support System incident and 1Password

1Password suffered a security incident after hackers gained access to its Okta ID management tenant.

Okta

Tracking Unauthorized Access to Okta’s Support System

Okta Stolen Credential Led to Support System Breach

Pwned Passwords


Pwned Passwords are 555,278,657 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they’re at much greater risk of being used to take over other accounts. They’re searchable online below as well as being downloadable for use in other online systems. Read more about how HIBP protects the privacy of searched passwords.

Have I Been Pwned (HIBP) is a site that keeps records of major user ID and password breaches from over 369 breached sites. Use it to check whether your passwords have already been exposed.
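The privacy protection the HIBP text refers to is a k-anonymity range query: the client hashes the password with SHA-1 and sends only the first five hex characters of the hash; the service answers with every hash suffix in that range and its breach count, and the match is made locally, so the full hash (and the password) never leaves the machine. The following is an added example, not HIBP’s own client code, implementing that check in Python. The range endpoint URL and the Add-Padding header are real HIBP features; the fixture response, its breach count and the stand-in fetcher are constructed so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"   # the real HIBP range endpoint


def split_hash(password):
    """SHA-1 the password; return the 5-hex-char prefix that is sent and the 35-char suffix that is not."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_body):
    """Parse a range response ('SUFFIX:COUNT' per line); return the count for `suffix`, 0 if absent."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def check_password(password, fetch_range):
    """k-anonymity lookup: only the prefix leaves the machine; the suffix match happens locally."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch_range(prefix))


def live_fetch(prefix):
    """Fetch a real range from HIBP (needs network; the demo below uses an offline stand-in).
    Add-Padding asks the service to pad the response so its size does not reveal which prefix was asked for."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true", "User-Agent": "hibp-range-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline fixture: a fake range response for the prefix of "password",
# with a made-up breach count and one unrelated neighbouring suffix.
_PREFIX, _SUFFIX = split_hash("password")
FAKE_RANGES = {
    _PREFIX: "0018A45C4D1DEF81644B54AB7F969B88D65:3\n" + _SUFFIX + ":9545824\n",
}
SENT_PREFIXES = []   # records what the stand-in fetcher was asked for


def offline_fetch(prefix):
    """Stand-in for live_fetch that records each request and serves the fixture (a padding line if unknown)."""
    SENT_PREFIXES.append(prefix)
    return FAKE_RANGES.get(prefix, "0" * 35 + ":0\n")


if __name__ == "__main__":
    for pw in ("password", "a long unique passphrase 7f3k"):
        print(f"{pw!r}: seen {check_password(pw, offline_fetch)} times")
    print("prefixes sent over the wire:", SENT_PREFIXES)
```

Swap `offline_fetch` for `live_fetch` to query the real service; `SENT_PREFIXES` makes the privacy property checkable, since every value it records is five characters long and identifies roughly one in a million of all possible SHA-1 hashes, not a password.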

Time for smartcards, an op-ed by John Mulligan, Executive Vice President and Chief Financial Officer, Target | Target Corporate


These have been out for a while in Europe. They cost more and should have been mandatory for the last eight years. Additional measures need to be added to the cards and to credit bureau reporting.

Why do we have to safeguard our information? Credit bureaus need to update their input methods and have better measures to safeguard it. Insurance companies are now finding new products by adding a baseline and then locking it away, with periodic reviews of the information, for $60-$100 a year.

Who do you trust?

Mr. Ken Thompson created the Bon programming language and the B programming language, co-invented the C programming language, and co-created the Plan 9 and UNIX operating systems. He has received the Turing Award, the IEEE Richard W. Hamming Medal, the Tsutomu Kanai Award, the Japan Prize and the National Medal of Technology, and is a Fellow of the Computer History Museum. By all measures a “god” in computers.

In his Turing Award acceptance lecture, Reflections on Trusting Trust, he explains in the first two pages how to write self-replicating code. He then explains how a compiler can be “trained”: a change, once compiled into the compiler binary, reproduces itself in every future build of the compiler even after the change is removed from the source. In short, how to introduce a hidden modification into a compiler binary. “If this were not deliberate, it would be called a compiler ‘bug.’ Since it is deliberate, it should be called a ‘Trojan horse.’” (Thompson, 1984)

“The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler.

I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.” (Thompson, 1984)

Ken Thompson, 1984
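The first step of Thompson’s lecture, a program that prints its own source, is the mechanism that lets a planted change survive in the binary, and it is easy to see working. The following is an added example, not Thompson’s code or the paper’s C listing, giving a minimal Python quine together with a checker that runs a candidate program and compares its output with its own text. Only this self-reproduction stage is shown; the names QUINE_TEMPLATE, run_and_capture and is_self_reproducing are the example’s own.

```python
import contextlib
import io

# A minimal Python quine: `s` holds the program text with a %r placeholder, and
# formatting `s` with itself yields the complete program, which prints that same text.
QUINE_TEMPLATE = 's = %r\nprint(s %% s, end="")\n'
QUINE_SOURCE = QUINE_TEMPLATE % QUINE_TEMPLATE   # the runnable two-line program


def run_and_capture(source):
    """Execute `source` as a Python program in a fresh namespace and return what it printed."""
    out = io.StringIO()
    with contextlib.redirect_stdout(out):
        exec(source, {"__name__": "candidate"})
    return out.getvalue()


def is_self_reproducing(source):
    """Stage one of Thompson's argument: does the program print exactly its own text?"""
    return run_and_capture(source) == source


if __name__ == "__main__":
    print(QUINE_SOURCE, end="")
    print("self-reproducing:", is_self_reproducing(QUINE_SOURCE))
```

The point for the reader of the lecture is that nothing in the two printed lines looks suspicious, yet the program carries a complete copy of itself; a compiler that does the same with a chosen fragment of its own binary is why Thompson says source-level review alone cannot settle the question of trust.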

Mr. Thompson was talking about code from 1969 in the year 1984. Now roll forward to 2014 and EMC’s RSA division, with respect to its embedded encryption software and its use of elliptic curve cryptosystems. We have a document that would indicate that something had been “planned” between RSA and the NSA (Ball, 2013). In 2007, security expert Bruce Schneier detailed the flaws in the algorithm’s use of secret constants (Schneier, 2007). We also have RSA’s denial that it entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries: “We categorically deny this allegation.” (RSA, Speaking of Security, 2013). Mr. Thompson, thirty years earlier, was warning us exactly what would happen.

Schneier, B. (2007, November 15). Did NSA Put a Secret Backdoor in New Encryption Standard? Retrieved from www.wired.com: http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

Thompson, K. (1984). Reflections on Trusting Trust. Communications of the ACM, 27(8), 761-763.

Ball, J. (2013, September 5). Revealed: how US and UK spy agencies defeat internet privacy and security. Retrieved from www.theguardian.com: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

RSA, Speaking of Security. (2013, December 22). RSA Response to media claims regarding NSA relationship. Retrieved from blogs.rsa.com: https://blogs.rsa.com/news-media-2/rsa-response/


Books, Stephen Pedneault, Fraud 101, Anatomy of Fraud Investigation, Preventing & Detecting Employee Theft & Embezzlement | Forensic Accounting Services

Not knowing very much about fraud investigation, I ran across Stephen Pedneault’s book: Anatomy of a Fraud Investigation: From Detection to Prosecution. This was an interesting read. Since it was cold and snowy outside I got the ebook from Amazon and read it. Although Mr. Pedneault spends considerable time taping and cutting the tape on the storage closet holding the 26 boxes, four computers and four garbage bags of evidence, he tells a great story. Lots of twists and turns, but for a computer guy studying computer forensics it has great detail. I still want to know what was on the laptop! Some very important points are made in the book along the way to help explain why certain actions are taken or not taken. Very important to beginners just starting out in forensics.
