Posted on April 20, 2022 at 7:36 PM
Lapsus$ Breach Is Significantly Smaller Than Suspected, Okta Says
As Okta concludes its investigation of the Lapsus$ breach, the company has revealed that the actual impact of the attack is not as serious as previously feared. The company stated that its probe revealed that only two of its customers were affected by the breach.
The Okta hacking incident occurred on January 21, when the now notorious Lapsus$ hacking group gained unauthorized access to the computer system of a Sitel customer support manager. However, the breach only became public when the hacking group published screenshots of Okta’s systems.
The Impact Is Significantly Smaller
According to the final forensic report of an unnamed reputable cybersecurity firm, the hackers had access to a single workstation used by the Sitel support engineer. The report revealed that the group reached Okta’s resources through the engineer’s system.
It was reported that the group had control over the system for 25 minutes. During that period, they accessed two active customer tenants in the SuperUser application. Additionally, the group viewed other information in some other applications, such as Jira and Slack, which cannot be used to perform any actions in Okta customer tenants.
Okta noted that the threat actor could not make any configuration changes, could not successfully carry out password or MFA resets or customer support “impersonation” events, and was not able to authenticate directly to any Okta accounts.
Okta’s Chief Security Officer, David Bradbury, stated that the overall impact of the attack has been “significantly smaller” than was initially envisaged. However, he added that the company still recognizes the impact such a compromise can have on its customers and their trust. Bradbury said Okta has taken the necessary steps to better protect its servers and systems and has provided more tools for third parties to secure their systems against future attacks.
Okta Explains Why Customers Weren’t Informed On Time
After the threat group released the screenshots of the attack on March 22, Okta announced that about 366 customers were impacted by the attack. Many people questioned why the company had kept the incident from its customers until it was exposed by the threat actors. However, Okta explained that it was not able to inform customers on time because the intent of the Sitel attack was not known at the time.
“We didn’t recognize that there was a risk to Okta and our customers,” the company stated at the time.
But following the end of the investigation, Okta has given customers access to the final forensic report on the incident. The company has also revealed its security plan to fortify its systems against future attacks.
The company said it is taking several steps to improve its security assurances and audit methods for sub-processors. The security steps are not only in-house but include third-party service providers as well.
For example, it wants to make it compulsory for sub-contractors that provide Support Services on the company’s behalf to adopt “Zero Trust” security architectures. It also announced the termination of its relationship with Sykes/Sitel. In addition, Okta plans to be directly involved in the management of all third-party devices that access its customer support tools. All of these are measures the company has taken to build a stronger security structure and prevent any future successful attacks on its systems.
The Increasing Menace Of The Lapsus$ Threat Group
Lapsus$ is a relatively new hacking group that has gained a lot of notoriety within a short time due to its several exploits. The group has claimed responsibility for some of the biggest hacking incidents of the past few months, including the attacks on chipmaker Nvidia and electronics giant Samsung.
In February, Lapsus$ claimed it broke into the servers of Nvidia and stole some critical files. The group said it had files on Nvidia GPU drivers, which could allow bad actors to convert any Nvidia GPU into a Bitcoin mining system.
One week after that incident, the group claimed responsibility for the hacking of Samsung, in which 190GB of data was stolen. The group has also claimed responsibility for the recent hacks on Microsoft and Okta, as both companies confirmed on March 22 that their data was breached.
The increasing menace of the group has put companies and cybersecurity organizations on alert when it comes to securing networks and servers. Authorities are also working closely with security experts to identify those behind the group. Last month, authorities in the UK arrested several people in connection with the Lapsus$ gang.