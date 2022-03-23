


Authentication services provider falls foul of data breach

Users of the services and platforms must be alerted to the fact that there are possible supply-chain attacks.


Image by Raymangold22 / Wikimedia (CC0 1.0)

Authentication services provider Okta has suffered a digital breach, sending an electronic shockwave through the cyber-systems of many firms. Behind this is the cyber extortion gang Lapsus$.

LAPSUS$, which first emerged in July 2021, has been on a hacking spree during the start of 2022.

The issue came to light after the cybercriminals uploaded screenshots and source code of what they said were the companies’ internal projects and systems to their Telegram channel.

The hackers have recently targeted both Microsoft and Okta, causing concern for companies across many industries. It is perhaps unsurprising that many businesses remain concerned about the future ramifications of the Okta breach.

Working his way through the electron discharge for Digital Journal is Mike DeNapoli, lead security architect of Cymulate.

DeNapoli outlines the associated risks: “Any successful attack against a service provider or software developer can have further impact beyond the scope of that initial attack.”

To be vigilant, DeNapoli says: “Users of the services and platforms must be alerted to the fact that there are possible supply-chain attacks that will need to be defended against.”

Types of supply chain attacks include:

  • Compromised software building tools or update infrastructure.
  • Stolen code-signing certificates, or malicious apps signed using the identity of a dev company.
  • Compromised specialized code shipped in hardware or firmware components.
  • Pre-installed malware on devices (cameras, USB, phones, etc.).

And with the specific incident, DeNapoli establishes: “While the Okta attack appears to have been against a contractor – limiting but not removing the possibility of follow-on attacks – recent attacks by the same group against Nvidia and Microsoft (among others) have shown that threat actors are most definitely directly targeting software devs and service providers.”

The motivation behind these attacks is “both to embarrass and extort payment from the companies attacked”, says DeNapoli, as well as “to provide those threat actors – and others willing to pay them – with access to source code to alter and create other monumentally dangerous forms of threat activity to the original company and all of their customers.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
