Okta Hacked by Data Extortion Group
Lapsus$ revealed this month that it accessed identity and access management (IAM) platform Okta’s administrative consoles and customer data. Okta acknowledged that the incident occurred in January 2022 and released a timeline and details of the Okta hack investigation.
Kaspersky Daily suggests some steps for users impacted by the Okta hack to take to keep data safe, including:
- Step up monitoring of network activity, especially regarding authentication
- Update cybersecurity training for users
- Perform a security audit
- Restrict access to remote management from external IP addresses
- Adopt a zero-trust approach to security
PrintNightmare Vulnerability, Default MFA Give Russian State-Sponsored Actors Network Access
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a March 15, 2022, alert explaining that Russian state-sponsored actors used an account set up with default multifactor authentication (MFA) at a non-governmental organization (NGO). This allowed them to enroll a new device and access the network.
Additionally, Russian state-sponsored actors exploited the PrintNightmare vulnerability (CVE-2021-34527) to run code with system privileges, targeting an NGO.
CISA recommends mitigations, including:
- Enforce MFA for all users and disable inactive accounts
- Use time-out and lock-out features
- Make patching and updates a priority
- Ensure users have strong passwords
- Monitor networks for unusual activity or logins
NSA Warns: OpenSSL Vulnerability Can Be Weaponized
- Identify all applications and platforms that use OpenSSL and patch the vulnerability as soon as possible.
Nation-State Attacks Impact the Majority of Organizations
Research by Trellix and the Center for Strategic and International Studies (CSIS) found 86 percent of organizations believe a nation-state actor has targeted them. IT decision makers at the organizations in the study estimate that the financial impact of a nation-state attack is $1.6 million. Of concern, only 41 percent of organizations have a specific strategy to deal with these attacks – and 10 percent, including critical infrastructure organizations, don’t have a formal cybersecurity strategy.
- Work with your team to develop a cyberattack response plan, including incidents involving nation-state actors.
- Speak to vendors and partners about their cybersecurity strategies, particularly if they provide services upstream.
Ransomware Attacks Increased 53 Percent Month Over Month
The February Cyber Threat Pulse report from NCC Group shows a 53 percent increase in ransomware attacks from January to February 2022. NCC Group points out that although Lockbit 2.0 initiated 42 percent of all ransomware attacks, Conti is the second-largest attacker group, responsible for 18 percent of attacks and increasing its activity by 200 percent from January to February.
- Read NCC’s Cyber Threat Pulse
- Ensure you and your clients follow CISA’s Ransomware Prevention Best Practices, including:
  - Keep offline, encrypted backups of data and test them to ensure recoverability.
  - Create a cyber incident response strategy, including notification procedures.
Common Critical SaaS Security Events Revealed
The SaaS Alerts SaaS Application Security Insights Report compiled data from 2021 to determine the most common events by severity. The three most common critical SaaS application security alerts are triggered by a login from outside a user’s approved location or IP address range, a SaaS integration indicating that a third party used account credentials, and multiple account lockouts, which may indicate a brute force attack.
Additionally, the report states that unmonitored guest user accounts, which may originally have been intended as temporary but are often not disabled after projects are complete, may create a vector for attacks.
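Two of the critical alert conditions above (login from outside an approved IP range, repeated lockouts on one account) and the stale guest-account check can be expressed as simple detection logic over authentication events. The code below is an added illustration, not from the report or from SaaS Alerts; the event records, the approved range, and the lockout and idle-day thresholds are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample SaaS authentication events (not real data).
EVENTS = [
    {"ts": "2022-02-01T09:00:00", "user": "alice", "ip": "203.0.113.10", "result": "success"},
    {"ts": "2022-02-01T09:05:00", "user": "alice", "ip": "198.51.100.7", "result": "success"},
    {"ts": "2022-02-01T10:00:00", "user": "bob", "ip": "203.0.113.22", "result": "lockout"},
    {"ts": "2022-02-01T10:02:00", "user": "bob", "ip": "203.0.113.22", "result": "lockout"},
    {"ts": "2022-02-01T10:04:00", "user": "bob", "ip": "203.0.113.22", "result": "lockout"},
    {"ts": "2022-02-01T11:00:00", "user": "carol", "ip": "203.0.113.5", "result": "lockout"},
]
# Assumed policy values: the tenant's approved source range and alert thresholds.
APPROVED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
LOCKOUT_THRESHOLD = 3
LOCKOUT_WINDOW = timedelta(minutes=10)


def outside_approved_range(ip):
    """True when the source address is not inside any approved network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in APPROVED_RANGES)


def find_alerts(events):
    """Return (alert_type, user, ip) tuples for the two critical conditions."""
    alerts = []
    lockouts = {}  # user -> lockout timestamps seen inside the sliding window
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["result"] == "success" and outside_approved_range(e["ip"]):
            alerts.append(("login_outside_approved_range", e["user"], e["ip"]))
        if e["result"] == "lockout":
            recent = [t for t in lockouts.get(e["user"], []) if ts - t <= LOCKOUT_WINDOW]
            recent.append(ts)
            lockouts[e["user"]] = recent
            if len(recent) == LOCKOUT_THRESHOLD:  # fire once when the threshold is reached
                alerts.append(("multiple_lockouts", e["user"], e["ip"]))
    return alerts


def stale_guest_accounts(accounts, now, max_idle_days=30):
    """Guest accounts not seen for more than max_idle_days: candidates to disable."""
    cutoff = now - timedelta(days=max_idle_days)
    return [a["user"] for a in accounts
            if a["guest"] and datetime.fromisoformat(a["last_login"]) < cutoff]


if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(*alert)
```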
For more security updates and insights, visit DevPro Journal’s Security resources page.