
Okta: social engineering attacks targeting IT help desks to gain control of privileged accounts and disable MFA

Details of the attack and recommendations for protecting privileged accounts

Okta, an identity and access management company, has revealed a series of targeted attacks on its customers' IT service desks in the US. Attackers used social engineering to gain control over privileged accounts. Okta suggests implementing new security measures, such as phishing-resistant authentication, to protect privileged accounts.


Identity and access management company Okta recently issued an alert regarding a series of targeted attacks on its customers' IT service desk agents in the United States. Attackers attempted to leverage social engineering to trick agents into resetting multi-factor authentication (MFA) for highly privileged users in order to gain control of Okta Super Administrator accounts.

Attackers' methods and actions taken

Attackers have adopted various strategies to achieve their goal. Before contacting the targeted organization's IT service desk, the attackers had passwords for privileged accounts or were able to manipulate the authentication flow through Active Directory (AD). Once a Super Administrator account was compromised, threat actors used anonymized proxy services, new IP addresses, and new devices to bypass security measures.

Hacker activities and ways to protect yourself

Once hackers gained privileged access, they elevated privileges for other accounts, changed registered authenticators, and even removed two-factor authentication (2FA) protection for some accounts. They also set up a second identity provider to access applications within the compromised organization by impersonating other users. To protect against external actors, Okta recommends implementing phishing-resistant authentication such as Okta FastPass and FIDO2 WebAuthn, requiring reauthentication for privileged access to applications, using advanced authenticators for self-service recovery by limiting them to trusted networks, and improving help desk view controls, such as manager approval and MFA challenges.

Further information and recommended safety measures

In the alert, Okta provides additional indicators of compromise, such as system log events and workflow patterns that indicate malicious activity during the attack. The company also recommends enabling and testing alerts for new devices and suspicious activity, limiting Super Administrator roles, implementing privileged access management and delegating high-risk tasks, and requiring administrators to log in from managed devices with phishing-resistant MFA and restricting access to trusted zones. By following these security measures, organizations can reduce the risk of their privileged accounts being compromised and better protect their identities and sensitive data.
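An added example, not taken from Okta's alert or from this article: detection logic that flags an account whose MFA factors were reset and which then adds an identity provider or grants an admin role shortly afterwards, the sequence described above. The event type names come from Okta's System Log event catalogue; the 24-hour window, the function names and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event type names from Okta's System Log catalogue (not listed in the article).
RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}
FOLLOW_UP_EVENTS = {
    "system.idp.lifecycle.create",   # a new identity provider was added
    "user.account.privilege.grant",  # an admin role was granted
}

def parse_ts(value):
    # System Log timestamps are ISO 8601 with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_reset_then_admin_action(events, window=timedelta(hours=24)):
    """Flag admin actions by an account whose MFA was reset within `window`."""
    last_reset = {}   # user -> time of most recent factor reset
    findings = []
    for ev in sorted(events, key=lambda e: parse_ts(e["published"])):
        when = parse_ts(ev["published"])
        if ev["eventType"] in RESET_EVENTS:
            for tgt in ev.get("target", []):
                if tgt.get("type") == "User":
                    last_reset[tgt["alternateId"]] = when
        elif ev["eventType"] in FOLLOW_UP_EVENTS:
            actor = ev["actor"]["alternateId"]
            reset_at = last_reset.get(actor)
            if reset_at is not None and when - reset_at <= window:
                findings.append((actor, ev["eventType"], when - reset_at))
    return findings

def sample(ts, event_type, actor, target=None):
    # Builds a constructed event with only the fields the detector reads.
    targets = [{"type": "User", "alternateId": target}] if target else []
    return {"published": ts, "eventType": event_type,
            "actor": {"alternateId": actor}, "target": targets}

# Constructed sample data (hypothetical accounts), not real log entries.
SAMPLE_EVENTS = [
    sample("2023-08-30T14:02:11.000Z", "user.mfa.factor.reset_all", "helpdesk@example.com", "admin@example.com"),
    sample("2023-08-30T14:20:11.000Z", "system.idp.lifecycle.create", "admin@example.com"),
    sample("2023-08-30T14:25:11.000Z", "user.account.privilege.grant", "admin@example.com", "svc@example.com"),
    sample("2023-08-30T15:00:00.000Z", "system.idp.lifecycle.create", "ops@example.com"),
    sample("2023-08-20T09:00:00.000Z", "user.mfa.factor.reset_all", "helpdesk@example.com", "ops2@example.com"),
    sample("2023-08-30T16:00:00.000Z", "user.account.privilege.grant", "ops2@example.com", "new@example.com"),
]

if __name__ == "__main__":
    for user, action, delay in find_reset_then_admin_action(SAMPLE_EVENTS):
        print(f"ALERT {user}: {action} {delay} after MFA reset")
```

The identity provider created by ops@example.com and the role granted by ops2@example.com are not flagged, because neither account had a factor reset inside the window.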


09/04/2023 18:20

Editorial AI
