Date: 2022-12-23



Identity management software vendor Okta has been hit for the fourth time this year, after some of the company’s source code was stolen from a private GitHub repository hacked earlier this month.

Okta suffered its fourth major cyberattack this year (Photo: T. Schneider/Shutterstock)

Security researchers believe the frequency of attacks against the company reflects the value of the data it holds, rather than security flaws inherent in its systems. However, as each attack exposes Okta’s infrastructure, the likelihood of a large-scale supply chain attack similar to the 2020 SolarWinds breach increases.

How the Latest Okta Breach Happened

GitHub alerted Okta to suspicious activity on company accounts earlier this month.

A security alert sent by Okta’s Chief Security Officer David Bradbury, and confirmed by Bleeping Computer, confirmed the incident. “Upon investigation, we concluded that such access was used to copy an Okta code repository.”

Okta said the impact of the attack has been limited so far. “Our investigation concluded that there was no unauthorized access to Okta services and no unauthorized access to customer data. Okta does not rely on confidentiality of source code for the security of our services. Okta services remain fully functional and secure.”

The company says the impact of the breach is limited to the Okta Workforce Identity Cloud code repository, which contains no customer data. Okta’s statement added that the event had no impact on other Okta products and that the company was in contact with customers.

Misfortune Befalls Okta

This is Okta’s fourth cybersecurity incident in recent months. In September, Okta-owned authentication service Auth0 suffered a similar attack. A hacker informed Okta that he had a copy of a particular Auth0 code repository dating back to October 2020. Auth0 likewise claimed at the time that there had been no unauthorized access as a result of the loss of code.

In August, security firm Group-IB released a report on an attack campaign named 0ktapus. It apparently targeted the messaging app Signal using Okta credentials. At the time, 1,900 users reported that their accounts may have been hacked. Perpetrators used Okta data to bypass multi-factor authentication, the report explains.

Okta’s most high-profile breach occurred in March, when the company was subjected to a cyberattack by hacking gang Lapsus$. At the time, the gang, which was committing crimes against big tech companies, claimed to have accessed Okta’s internal systems, posting pictures of the systems on its Telegram channel.

Why is Okta targeted by hackers?

Okta’s cloud-based software helps businesses build secure authentication and identity control systems for their apps and connected devices. The company reported $1.3 billion in revenue last year and has rapidly grown its user base in recent years with its acquisition of Auth0 earlier this year. It works with over 10,000 organizations and was recently awarded a contract to provide digital identity services to the U.S. military.

Due to the nature of Okta’s work, it processes vast amounts of valuable data about its users, covering personal and professional information, both provided and obtained from third-party sources. This is of great value to criminals trying to launch attacks using stolen identities.

Raj Samani, senior vice president and chief scientist at security firm Rapid7, argues that this, and not the company’s security, is likely responsible for the frequency of breaches. their customers. That’s the organization most likely to face targeted attacks, he told Tech Monitor.

Other factors make Okta an attractive target, said Bharat Mistry, UK and Ireland head of security firm Trend Micro.

“Being able to hack into Okta and get your credentials,” he said, “will open the door to a variety of platforms. Okta isn’t just used in the cloud, it’s also used elsewhere. Wherever identity intermediation is required, perhaps Okta is being used.”

What would be the consequences of such an attack?

This kind of access to so many different organizations could lead to supply chain attacks, similar to what hit managed services provider SolarWinds. In that attack, hackers who compromised the MSP’s systems were able to access its customers, including US government agencies.

Such an attack [on Okta], Mistry claims, could surpass SolarWinds. “Not everyone uses SolarWinds, as enterprise grade is not the same. But with Okta’s range, the results can be devastating. Identity is at the heart of everything and Okta stands out in that area.”

With this in mind, the breaches the company continues to suffer may be information-gathering missions in part, said Hana Darley, head of threat research at security firm Darktrace.

Multiple breaches affecting the same organization, as is the case with Okta, could indicate that attackers are using information or credentials stolen in a single breach and attempting to regain access through alternate routes, says Darley. A hacker with access to the source code, even if it has been modified, can study the core logic of the code and gain insight into the operation of an organization’s backend infrastructure.

Understanding a company’s underlying systems is essential to launching an attack on the supply chain, Mistry adds. “If you understand how Okta does this sort of thing, if you understand the mechanism behind it, usually encryption, etc., then you can understand how it can be broken and actually you can start targeting those loopholes in the future,” he says. The appeal is not only to regular cybercriminals, but to nation-state hackers as well.

Source: https://techmonitor.ai/technology/cybersecurity/okta-cyberattack-digital-identity

