In early September, your SensCy team shared with you information and remediation tips regarding security flaws at the identity and access management company Okta that could lead to social engineering attacks. At the time, the attacks targeted IT services and IT support desks to trick them into resetting multi-factor authentication (MFA) for high-privileged users, weakening the security around admin accounts.
Okta announced last week that hackers actually accessed and stole data on ALL customers during the breach. The hackers stole credentials to access Okta’s support case management system. While the original number of impacted organizations was around 1%, the new report revealed that the hacker downloaded a file containing data belonging to “all Okta customer support system users.”
Here are Okta’s recommendations:
- Multi-Factor Authentication (MFA): All Okta customers should secure admin access using MFA at a minimum, preferably with phishing-resistant authenticators such as physical security keys.
- Admin Session Binding: You can now enable an Early Access feature in Okta that requires admins to reauthenticate if their session is reused from an IP address with a different ASN (Autonomous System Number).
- Admin Session Timeout: Okta is introducing Admin Console timeouts that will be set to a default of 12-hour session duration and a 15-minute idle time.
- Phishing Awareness: Okta customers should be vigilant of phishing attempts that target their employees and especially wary of social engineering attempts that target their IT Help Desks and related service providers.
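As an added illustration (not Okta’s code or its System Log format), the check below runs over constructed session records and flags the condition the Admin Session Binding feature responds to: an admin session reused from an IP address in a different ASN than the one it was established from. The record fields, IP addresses and ASNs are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SessionEvent:
    """One request seen for a session (assumed schema, not Okta's log format)."""
    ts: int            # epoch seconds
    session_id: str
    actor: str
    is_admin: bool     # True when the session belongs to an administrator
    client_ip: str
    asn: int           # ASN the client_ip was resolved to


def find_admin_asn_changes(events: List[SessionEvent]) -> List[dict]:
    """Flag admin sessions reused from an ASN other than the one they started in.

    Non-admin sessions are ignored, and an IP change inside the same ASN is not
    a finding: this mirrors ASN-based binding rather than a strict IP pin.
    """
    bound: Dict[str, Tuple[int, str]] = {}   # session_id -> (asn, ip) at first sighting
    findings: List[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if not ev.is_admin:
            continue
        if ev.session_id not in bound:
            bound[ev.session_id] = (ev.asn, ev.client_ip)
            continue
        bound_asn, bound_ip = bound[ev.session_id]
        if ev.asn != bound_asn:
            findings.append({
                "ts": ev.ts, "session_id": ev.session_id, "actor": ev.actor,
                "bound_asn": bound_asn, "bound_ip": bound_ip,
                "observed_asn": ev.asn, "observed_ip": ev.client_ip,
            })
    return findings


# Constructed sample: documentation IP ranges and private-use ASNs, not real observations.
SAMPLE_EVENTS = [
    SessionEvent(1000, "s-admin-1", "admin@example.test", True, "203.0.113.10", 64496),
    SessionEvent(1060, "s-admin-1", "admin@example.test", True, "203.0.113.11", 64496),  # same ASN: ok
    SessionEvent(1120, "s-admin-1", "admin@example.test", True, "198.51.100.7", 64497),  # ASN changed
    SessionEvent(1000, "s-user-9", "user@example.test", False, "192.0.2.5", 64498),
    SessionEvent(1200, "s-user-9", "user@example.test", False, "198.51.100.9", 64499),   # non-admin: ignored
]

if __name__ == "__main__":
    for f in find_admin_asn_changes(SAMPLE_EVENTS):
        print(f"session {f['session_id']} ({f['actor']}) bound to AS{f['bound_asn']} "
              f"reused from AS{f['observed_asn']} ({f['observed_ip']}) at t={f['ts']}")
```

The same comparison can be run over exported admin-session logs to confirm the control is behaving as expected once the feature is enabled.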
If you have any questions regarding the data breach, please contact your Cyber Advocate.