
Okta: social engineering attacks targeting IT help desks to gain control of privileged accounts and disable MFA

Details of the attack and recommendations for protecting privileged accounts

Okta, an identity and access management company, has revealed a series of targeted attacks on its customers' IT service desks in the US. Attackers used social engineering to gain control over privileged accounts. Okta suggests implementing new security measures, such as phishing-resistant authentication, to protect privileged accounts.


Identity and access management company, Okta, recently issued an alert regarding a series of targeted attacks on their customers' IT service desk agents in the United States. Attackers attempted to leverage social engineering to trick agents into resetting multi-factor authentication (MFA) for highly privileged users in order to gain control of Okta Super Administrator accounts.

Attackers' methods and actions taken

Attackers have adopted various strategies to achieve their goal. Before contacting the targeted organization's IT service desk, the attackers had passwords for privileged accounts or were able to manipulate the authentication flow through Active Directory (AD). Once a Super Administrator account was compromised, threat actors used anonymized proxy services, new IP addresses, and new devices to bypass security measures.

Hacker activities and ways to protect yourself

Once hackers gained privileged access, they elevated privileges for other accounts, changed registered authenticators, and even removed two-factor authentication (2FA) protection for some accounts. They also set up a second identity provider to access applications within the compromised organization by impersonating other users. To protect against external actors, Okta recommends implementing phishing-resistant authentication such as Okta FastPass and FIDO2 WebAuthn, requiring reauthentication for privileged access to applications, using advanced authenticators for self-service recovery and limiting it to trusted networks, and improving help desk view controls, such as manager approval and MFA challenges.

Further information and recommended safety measures

In the alert, Okta provides additional indicators of compromise, such as system log events and workflow patterns that indicate malicious activity during the attack. The company also recommends enabling and testing alerts for new devices and suspicious activity, limiting Super Administrator roles, implementing privileged access management and delegating high-risk tasks, and requiring administrators to log in from managed devices with phishing-resistant MFA, with their access restricted to trusted zones. By following these security measures, organizations can reduce the risk of their privileged accounts being compromised and better protect their identities and sensitive data.
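As an added illustration of alerting on this pattern (example code written for this summary, not taken from Okta's alert), the sketch below correlates an MFA reset on an account with a later high-risk admin action by that account from an IP address it has not used before. The five-field event layout, the account names, the IP baseline and the 24-hour window are assumptions, and the events are constructed; the event type strings follow Okta System Log naming and should be checked against your own tenant.

```python
from datetime import datetime, timedelta

# Event types assumed to follow Okta System Log naming; verify in your tenant.
RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}
HIGH_RISK = {"system.idp.lifecycle.create", "user.account.privilege.grant"}

def ev(time, etype, actor, target, ip):
    """Build a simplified event record (hypothetical layout, not the real log schema)."""
    return {"time": datetime.fromisoformat(time), "type": etype,
            "actor": actor, "target": target, "ip": ip}

# Constructed sample events; names and addresses are placeholders.
EVENTS = [
    ev("2023-01-10T09:00:00", "user.mfa.factor.reset_all", "helpdesk.1", "admin.b", "198.51.100.20"),
    ev("2023-01-10T09:30:00", "user.account.privilege.grant", "admin.b", "user.y", "198.51.100.11"),
    ev("2023-01-10T10:05:00", "user.mfa.factor.reset_all", "helpdesk.1", "admin.a", "198.51.100.20"),
    ev("2023-01-10T10:31:00", "system.idp.lifecycle.create", "admin.a", "idp-2", "203.0.113.77"),
    ev("2023-01-10T10:40:00", "user.account.privilege.grant", "admin.a", "user.x", "203.0.113.77"),
    ev("2023-01-10T11:00:00", "system.idp.lifecycle.create", "admin.c", "idp-3", "203.0.113.99"),
]
# Assumed baseline of IPs each administrator normally signs in from.
KNOWN_IPS = {"admin.a": {"198.51.100.10"}, "admin.b": {"198.51.100.11"},
             "admin.c": {"198.51.100.12"}}

def find_takeover_chains(events, known_ips, window=timedelta(hours=24)):
    """Return (actor, event_type, ip) for high-risk actions that follow an MFA
    reset of the acting account within `window` and come from an unseen IP."""
    last_reset = {}   # account -> time its MFA was last reset
    alerts = []
    for e in sorted(events, key=lambda x: x["time"]):
        if e["type"] in RESET_EVENTS:
            last_reset[e["target"]] = e["time"]
        elif e["type"] in HIGH_RISK:
            reset_at = last_reset.get(e["actor"])
            recent = reset_at is not None and e["time"] - reset_at <= window
            new_ip = e["ip"] not in known_ips.get(e["actor"], set())
            if recent and new_ip:
                alerts.append((e["actor"], e["type"], e["ip"]))
    return alerts

if __name__ == "__main__":
    for alert in find_takeover_chains(EVENTS, KNOWN_IPS):
        print("ALERT", *alert)
```

Only `admin.a` is flagged here: `admin.b` acted from a known IP after a reset, and `admin.c` had no preceding reset, although a new identity provider created from an unseen address is still worth a lower-severity alert of its own.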


09/04/2023 18:20

Marco Verro
