
The Cyber Security News

Okta CSO: Lapsus Incident Was “Embarrassing”

March 24, 2022

The chief security officer (CSO) of authentication vendor Okta has revealed more details of an incident that may have allowed hackers to steal sensitive data from customers.

In a blog post yesterday, David Bradbury said that the support engineer whose laptop was hijacked for five days by the Lapsus group was working for contractor Sitel.

Although the device was owned and managed by the firm, the threat actors managed to obtain remote access to it via RDP, he explained.


“The scenario here is analogous to walking away from your computer at a coffee shop, whereby a stranger has (virtually in this case) sat down at your machine and is using the mouse and keyboard,” he added.

“So while the attacker never gained access to the Okta company through account takeover, a machine that was logged into Okta was compromised and they were able to obtain screenshots and control the machine through the RDP session.”

Lapsus shared screenshots of the machine’s desktop last weekend, apparently revealing wide-ranging access to Okta’s internal systems. Bradbury admitted that this was “embarrassing for myself and the whole Okta team” and said the company should have acted more quickly once it received a report on the incident from Sitel last week.

However, he played down the importance of the “superuser” access the hackers were able to gain.

“The majority of support engineering tasks are performed using an internally built application called SuperUser or SU for short, which is used to perform basic management functions of Okta customer tenants,” Bradbury explained.

“This does not provide ‘god-like access’ to all its users. This is an application built with least privilege in mind to ensure that support engineers are granted only the specific access they require to perform their roles. They are unable to create or delete users. They cannot download customer databases. They cannot access our source code repositories.”

That makes less likely a theory that Lapsus had been able to use the Okta access to exfiltrate and leak data on victims, including Microsoft, Nvidia, Vodafone and Samsung recently.

A Microsoft blog published this week suggested that insider access at these companies may have been the initial threat vector.

Bradbury repeated that 2.5% of Okta customers were impacted by the incident, amounting to 366 companies.


Some parts of this article are sourced from:
www.infosecurity-journal.com
