All the effects of the hacker attack on the American company Okta (which works for Moody's)

American authentication service provider Okta has been the victim of a hacker attack. The breach could have a domino effect, as so many tech companies rely on Okta to manage access to their networks and apps.

A hacker attack has hit Okta, a US authentication service provider.

Okta said on Tuesday that it suffered an attack by a hacker group in January and that some customers may have been affected.

As Axios points out, Okta, little known outside the industry, provides a layer of access security for hundreds of millions of users across the wide range of companies and organizations that have adopted its access system.

The American company's authentication services are used by over 15,000 customers. These include companies such as FedEx Corp and Moody's Corp, but also government agencies such as the Federal Communications Commission (FCC).

Okta was reportedly targeted by Lapsus$, a group of hackers who compromise corporate systems to steal source code, customer lists, databases and other valuable data. The group then makes ransom demands on the victim to keep the data from leaking. In recent months, Lapsus$ has reported numerous cyber attacks against large companies, such as Microsoft, Nvidia and Samsung.

"Any Okta hack could have important ramifications for companies, universities and government agencies that depend on Okta to authenticate user access to internal systems," The Verge points out.

All the details.

THE ATTACK DISCLOSED BY OKTA

Okta yesterday confirmed the January breach, in which hackers used a customer support agent employed by a third-party company to gain access to Okta's systems.

Specifically, the company confirmed that an attacker accessed one of its employees' laptops for five days in January 2022. About 2.5% of its customers may have been affected, but the company states that the service "has not been breached and remains fully operational".

Therefore, "there are no corrective actions that need to be taken by our customers," the company adds.

PERPETRATED BY THE LAPSUS$ GROUP

The disclosure came as the hacker group Lapsus$ posted screenshots on its Telegram channel that it claimed showed Okta's internal systems.

WHAT OKTA DOES

On its website, Okta describes itself as the "identity provider for the internet" and claims to have more than 15,000 customers on its platform.

As Reuters explains, it competes with Microsoft Corp, PingID, Duo, SecureAuth and IBM to provide identity services such as single sign-on and multi-factor authentication, used to help users securely log into online applications and websites.

CUSTOMERS

The Wall Street Journal reports that in a recent report Okta claimed to have over 15,000 customers worldwide. It lists Peloton, Sonos and T-Mobile as customers on its website. Based on the indicated figure of “around 2.5 percent”, the number of affected customers could approach 400.

SERVICES PROVIDED TO THE FCC

Okta's customers include the FCC, the US government agency that deals with telecommunications and is responsible for US communications regulation and licensing.

As it explains on its website, the company provides the FCC with Okta Single Sign-On as the entry point for all of the FCC's applications, including Box, Office 365, and ServiceNow, as well as any remaining legacy apps. Furthermore, Okta Lifecycle Management allows the FCC to automate the process of provisioning and deprovisioning applications. The FCC also uses Okta Multi-Factor Authentication (MFA).

Finally, “Okta provided better technology overall and six times lower cost than the combination of Microsoft solutions they were using, including Active Directory Federation Services, Forefront Identity Manager and RSA,” the company explains. It adds that the FCC is "particularly critical from a security standpoint as it holds a lot of sensitive information, including the financial and banking details of the licensees."

THE ATTACK ON MICROSOFT

Finally, rival Microsoft also ended up in the crosshairs of the Lapsus$ hackers.

In Microsoft's case, the cybercriminals stole the source code of Bing, Cortana and other company projects from the internal Azure DevOps server, the one that manages developer services.

Microsoft told the Bleeping Computer site that it is aware of the incident and has concluded its investigation, which produced “the confirmation of the actual violation of the computer systems by the hacker group. However, the damage was limited thanks to a timely intervention by Microsoft security personnel who managed to stop the attack. Lapsus$ was able to get limited access to a single Azure DevOps account”.


This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/tutti-gli-effetti-dellattacco-hacker-allamericana-okta/ on Wed, 23 Mar 2022 14:46:18 +0000.