Cloud identity and access management provider Okta has confirmed that it's investigating a potential breach after the LAPSUS$ hacking group posted screenshots of what appears to be the back-end of Okta’s systems.
In a statement, Okta official Chris Hollis said the breach could be related to an earlier incident in January, which was contained. Okta had detected an attempt to compromise the account of a third-party customer support engineer at the time, said Hollis.
“We believe the screenshots shared online are connected to this January event,” he said. “Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
Growing attack surface leads to increasing security concerns
A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications.
Oliver Pinson-Roxburgh, CEO at Bulletproof, said: “As the gatekeeper to the networks and data of thousands of organisations, a breach at Okta would have significant consequences. Even before the veracity of such an incident is confirmed, it is imperative for businesses to take proactive steps now - any delay risks the potential attack spreading. Businesses should be monitoring for any bad actors and compromised systems, and should any be found, containing the impact and working to restore normal operations as swiftly as possible.”
Pinson-Roxburgh explained that as businesses become even more interconnected with partners and suppliers, the potential attack surface grows. Research from Bulletproof has shown that up to 40% of cyber threats are now occurring indirectly through the supply chain.
“It is worth remembering that major cyber incidents can often stem from the simplest of vulnerabilities. Our research shows that hackers are still successfully using default credentials when attempting to gain access to systems. Addressing these small changes in cyber hygiene can have a major impact on an organisation’s readiness to defend against a cyber attack,” he added.
Continuing supply chain cyber risks
Okta was named by Gartner as a Leader in its Magic Quadrant for access management and has been for five years running. The Okta Identity Cloud enables organisations to securely connect the right people to the right technologies at the right time.
More than 15,000 organisations, including JetBlue, Nordstrom, Siemens, Slack, Takeda, Teach for America, and Twilio, trust Okta to help protect the identities of their workforces and customers.
Oz Alashe, CEO of CybSafe and Chair of the UK government’s DCMS Industry Expert Advisory Group on cyber resilience, said: “The potential attack on Okta is a striking reminder of the supply chain's cyber risks. Cybercriminals will often identify the route of least resistance. An authentication tool such as Okta provides the opportunity to breach hundreds of large enterprises in one sweep.
“Securing networks, data and people is a challenge for organisations. The threat of proprietary data loss via third parties adds an additional layer of complexity to the equation. Potential breaches like this highlight the importance of making sure suppliers adhere to the same security principles if they wish to work with large global organisations.
“Organisations rely on third-party tools more than ever before. It’s not enough for businesses to only consider the security of their own internal systems. Data security must be a critical component of the due diligence process when selecting third party suppliers. Supply chains must be treated with the caution and care the threat merits.
“While Okta’s investigation is ongoing, it's important the security community doesn't jump to conclusions and harass its security team at this challenging time.”