The Very Serious Okta Breach and the Arrest of the Lapsus$ Ransomware Gang
The recent breach of the industry-standard, cloud-based single sign-on (SSO) authentication service provider Okta is important because:
- The SSO software is so broadly used by a variety of Fortune 1000 companies and third-party vendors that the breach creates a potentially vast attack surface for companies, large and small;
- Okta's response is a case study in how not to manage a serious breach;
- The alleged attribution to the Lapsus$ ransomware gang connects the breach, as the potential point of access, to a long list of high-profile recent hacks of major international companies, including Nvidia, Electronic Arts, and Microsoft; and
- Previously underestimated by both the hacker and research communities due to the parochial nature of some of their hacking techniques, the Lapsus$ modus operandi (and the success rate and scale of their attacks) are now shedding light on a variety of previously discounted vulnerabilities and potential attack surfaces.
The San Francisco-based Okta, Inc. is self-described on its website as the “identity provider for the internet” with more than 15,000 customers on its platform.
The recommendation is that organizations review their operational relationship (and that of their vendors) to the Okta ecosystem of OSS platforms and products. Again, these hacking techniques are not highly technical but, when successful, are of major consequence. The Okta breach and the Lapsus$ ransomware hacks also further reinforce the importance of multi-factor authentication over the ease of use of SSO.
Following is a timeline of the Okta breach and the Lapsus$ ransomware rampage, concluding with technical guidance and recommendations gleaned from a handful of ongoing technical investigations by Okta, Microsoft, Nvidia, etc.