Of relevance to the business-to-business world, news has come in that hackers have breached Okta’s customer support ticket system. The company disclosed that an unidentified hacking group had accessed client files through a support system.
Okta said. “Our investigation concluded that there was no unauthorised access to the Okta service and no unauthorised access to customer data,” a company statement said. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure.”
As a consequence of the incident, Okta’s cybersecurity breach has reportedly wiped out more than $2 billion in terms of the company’s market cap. This is the fourth cyberattack on the firm within the past 12 months.
Considering the impact of the cyberattack is Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ.
Costis explains to Digital Journal about the risks to users of Okta’s services: “Okta, the identity and access management company, has disclosed a cyberattack in which a hacker broke into its customer support ticket system, accessing sensitive customer information.”
In terms of the impact, Costis explains: “Okta provides identity management to 50 billion users, allowing employees to securely access their company’s internal systems. The hackers used stolen credentials to access contained browser recording files containing website cookies and session tokens. These tokens can be used to break into the networks of Okta’s customers.”
There remains uncertainty to the scale and timing of the security breach, as Costis notes: “Although it is unclear how Okta’s system was first compromised, this is not the company’s first security incident. This is the third breach Okta has faced since 2022. In January, a security breach by hacking group Lapsus$ resulted in the posting of Okta’s internal network, which was not disclosed until March. In December, Okta confirmed that hackers stole some of its source code”.
There are lessons for the wider industry to consider, which Costis details as: “While it is important to evaluate existing security controls to uncover any gaps hackers might exploit, a more resilient security detection and prevention system is critical for organizations that manage sensitive information.”
Spelling this out further, Costis states: “This preventative cybersecurity approach includes developing a threat-informed cyber defence strategy. By identifying the common tactics, techniques and procedures (TTPs) used by common threat actors, companies can align their defences against these specific threats, testing to see how the program responds. This will provide visibility and insight for any future ransomware attacks.”
