Exploit: Credential Compromise (Supply Chain Risk)
Okta: Identity and Access Management Solutions
Risk to Business: 1.299 = Extreme
Lapsus$ also pulled off another high-profile attack, this time against access management company Okta. On March 22, Lapsus$ announced that it had breached Okta’s security in January. Supporting the claim, the group published screenshots related to Okta’s internal apps and systems. Okta’s acknowledgment process was bumpy: the company originally said no customer data was accessed but later clarified, saying “a small percentage of customers – approximately 2.5% – have potentially been impacted and (their) data may have been viewed or acted upon.” A third-party service provider’s previous breach likely also played a part in the incident. No specifics on the data were given. As we stated above, Lapsus$ is typically involved in ransomware operations, but no details of any ransomware activity have been reported.
NOTE: Lapsus$ hackers were allegedly detained by UK police following these incidents.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Cybercriminals know that service providers are a quick avenue to exploit vulnerabilities that may allow them to penetrate a bigger company’s security.
Source: BleepingComputer