Okta Security Flaw

Published On: September 5, 2023
Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team is reviewing a flaw in the identity and access management company Okta that could lead to social engineering attacks. The attacks target IT services and IT support desks, tricking them into resetting multi-factor authentication (MFA) for highly privileged users and weakening the security around admin accounts.

According to Okta, threat actors are attempting to hijack highly-privileged Okta Super Administrator accounts to access the identity federation feature, allowing them to impersonate users from the organization. Once they gained admin status, the threat actors elevated privileges for other accounts, reset enrolled authenticators, and in some cases, removed the two-factor authentication (2FA) protection for some accounts.

“The threat actor was observed configuring a second Identity Provider to act as an “impersonation app” to access applications within the compromised Org on behalf of other users. This second Identity Provider, also controlled by the attacker, would act as a “source” IdP in an inbound federation relationship (sometimes called “Org2Org”) with the target” – Okta

Here are Okta’s recommendations:

  • Enforce phishing-resistant authentication using Okta FastPass and FIDO2
  • Require re-authentication for privileged app access, including Admin
  • Use strong authenticators for self-service recovery and limit to trusted
  • Streamline Remote Management and Monitoring (RMM) tools and block unauthorized
  • Enhance help desk verification with visual checks, MFA challenges, and manager
  • Activate and test alerts for new devices and suspicious
  • Limit Super Administrator roles, implement privileged access management, and delegate high-risk tasks.
  • Require admins to sign in from managed devices with phishing-resistant MFA and limit access to trusted zones.
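
One way to act on the "activate and test alerts" recommendation, as an added example that is not code from Okta or from the original alert: it correlates exported Okta System Log events and flags an account that performs admin actions shortly after its own MFA was reset, which is the sequence described above. The event type names are given as recalled from Okta's System Log event catalog and should be confirmed in your tenant; the 24-hour window, the helper names and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event type names follow Okta's System Log catalog; confirm them in your tenant.
MFA_RESET = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}
ADMIN_ACTIONS = {
    "user.account.privilege.grant": "admin privilege granted",
    "system.idp.lifecycle.create": "identity provider created",
    "system.idp.lifecycle.activate": "identity provider activated",
    **{t: "MFA reset on another account" for t in MFA_RESET},
}
WINDOW = timedelta(hours=24)  # assumed correlation window, tune per environment

def event_time(event):
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%S.%fZ")

def user_targets(event):
    return {t["alternateId"] for t in event.get("target") or [] if t.get("type") == "User"}

def find_takeover_chains(events):
    """Flag admin actions by an account whose own MFA was reset shortly before."""
    last_reset, alerts = {}, []
    for ev in sorted(events, key=event_time):
        when, kind = event_time(ev), ev["eventType"]
        actor = ev["actor"]["alternateId"]
        reset_at = last_reset.get(actor)
        if kind in ADMIN_ACTIONS and reset_at and when - reset_at <= WINDOW:
            # A user re-enrolling their own factors is not an action on others.
            if kind not in MFA_RESET or user_targets(ev) - {actor}:
                alerts.append((actor, ADMIN_ACTIONS[kind], ev["published"]))
        if kind in MFA_RESET:
            for user in user_targets(ev):
                last_reset[user] = when
    return alerts

def make_event(kind, published, actor, target, target_type="User"):
    return {"eventType": kind, "published": published, "actor": {"alternateId": actor},
            "target": [{"alternateId": target, "type": target_type}]}

# Constructed sample events (not real log data; target_type for IdPs is a placeholder).
SAMPLE_EVENTS = [
    make_event("user.mfa.factor.reset_all", "2023-09-01T10:00:00.000Z", "helpdesk@example.com", "admin@example.com"),
    make_event("system.idp.lifecycle.create", "2023-09-01T10:40:00.000Z", "admin@example.com", "second-idp", "IdentityProvider"),
    make_event("user.account.privilege.grant", "2023-09-01T10:45:00.000Z", "admin@example.com", "user2@example.com"),
    make_event("user.account.privilege.grant", "2023-09-01T11:00:00.000Z", "other.admin@example.com", "user3@example.com"),
    make_event("user.mfa.factor.reset_all", "2023-08-20T09:00:00.000Z", "helpdesk@example.com", "ops@example.com"),
    make_event("system.idp.lifecycle.create", "2023-09-01T12:00:00.000Z", "ops@example.com", "ops-idp", "IdentityProvider"),
]

if __name__ == "__main__":
    print(find_takeover_chains(SAMPLE_EVENTS))
```

Only the two actions by `admin@example.com` are flagged in the sample: the other admin had no preceding reset, and the `ops@example.com` reset falls outside the window.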
