For Okta, the Lapsus$ attack ultimately only affected two of its customers


After its investigation into the January attack, Okta said on Wednesday that the scope of the incident was “significantly smaller” than previously thought.

The attack, in which hackers gained access to a third-party customer support engineer’s laptop, lasted just 25 minutes and only affected two active customers.

The incident took place on January 21, when the Lapsus$ hacker group managed to remotely access the laptop of a Sitel customer service engineer. The attack came to light on March 22, when the cybercriminal group posted screenshots of Okta’s systems.

Low impact

According to the final report of an unnamed “globally recognized cybersecurity firm”, the group had control of a single workstation, used by a Sitel helpdesk engineer, that had access to Okta resources. During the 25 minutes they had control of the workstation, the attackers accessed the data of two active clients in the SuperUser application. They also viewed limited additional information in some other apps like Slack and Jira, which cannot be used to perform actions on Okta’s customers.

Okta says the attackers were unable to successfully perform configuration changes, multi-factor authentication or password resets, or customer support “spoofing” events. They were also unable to authenticate directly to any Okta account.

“While the overall impact of the compromise has been determined to be significantly lower than we originally anticipated, we are aware of the significant impact this type of compromise can have on our customers and on the trust that they grant to Okta,” wrote David Bradbury, chief security officer at Okta, in the blog post published on Wednesday.

After the screenshots were posted on March 22, Okta announced that 366 customers had been affected. Of course, many observers have wondered why customers weren’t made aware of the incident sooner. About a week later, the company explained that it had not informed customers earlier because it “did not know the extent of Sitel’s problem”. “We did not recognize that there was a risk for Okta and our customers”, admitted the company then.

Now that the investigation is complete, Okta has given customers access to the final forensic report, along with the “Security Action Plan.”

Okta said Wednesday that it has taken various steps to improve its auditing procedures and security guarantees for contractors. For example, it will require contractors who provide support services on Okta’s behalf to adopt “Zero Trust” security architectures. Okta has also ended its relationship with Sykes/Sitel.

Additionally, Okta will now directly manage all third-party devices that access its customer support tools.

Source: ZDNet.com




