Okta Lapsus$ Breach: The One Thing Every Company Needs to Do
Mar 23, 2022
The best defense against credential theft is resetting every password. Unfortunately, this is easier said than done for many companies.
Lapsus$ has made headlines again with yet another high-profile breach, reported by major business and trade outlets including CNN, Gizmodo, and CNBC. After a successful attack the group makes unpredictable demands: in the recent Nvidia breach, it demanded that the company remove an anti-cryptomining feature from its GPUs. Now the group claims to have gained access to Okta’s internal systems and has posted screenshots to its Telegram channel as proof.
As reported by Wired, Lapsus$ gains access to victims through phishing attacks. Email is widely recognized as the number one attack vector, and once credentials are compromised the intrusion can go undetected for months. By some estimates, more than 81% of successful attacks involved compromised passwords. The industry’s answer has been to layer defenses: multi-factor authentication, user behavior analytics, and employee security awareness training.
Compromised credentials are a particularly acute problem because they are harder to detect than malware or exploitation: the attacker logs in with a valid username and password and looks like the employee. If the employee’s mailbox is compromised, the attacker can also receive email-delivered one-time codes and password-reset links, sidestepping multi-factor authentication on other systems. And because passwords tend to be reused, one stolen password often opens multiple systems.
Since credentials are the objective of most attacks, one straightforward response when an attack is suspected is to reset every employee’s password on every system they access, which renders any stolen credentials useless. A further step is to take password ownership away from users entirely and have a system generate, store, and enter them. That would prevent most phishing-based credential theft, because a user who never sees or types a password cannot be tricked into entering it on a phishing site, the most common way credentials are compromised.
Doing this, however, is easier said than done, because no single system knows all of a user's logins and passwords, especially for SaaS applications. Working with companies large and small, our data shows that only about 20% of passwords are stored in SSO. Resetting every employee’s password on every system therefore cannot be done centrally, because roughly 80% of those passwords are not controlled by any security system. Accomplishing it would require every user to update each login manually, or through whatever password manager they happen to use, and the chances of that happening are effectively zero.
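The procedure the two paragraphs above describe, automated for the part of the estate that an identity provider does control. This is an added example, not code from the original post, from Okta, or from Grip. It assumes an Okta org URL and an API token with user-administration rights, and uses the Okta Users API endpoints named in the docstring; the `make_fake_transport` stand-in, the `example.okta.com` URL and the sample user IDs are constructed so the script runs offline. One caveat the post does not spell out: expiring a password does not end sessions or revoke OAuth tokens that were already issued, so an attacker holding a session cookie or refresh token survives a reset alone. The script therefore clears sessions and tokens in the same pass. Everything outside the identity provider, the roughly 80% of passwords the paragraph above says are not in SSO, is exactly what a script like this cannot reach.

```python
"""Bulk credential rotation against the Okta Users API (added example).

Assumes an Okta org URL and an SSWS API token with user-administration rights.
Endpoints used (all documented Okta Users API calls):
  GET    /api/v1/users?filter=status eq "ACTIVE"        list users, Link-header paging
  POST   /api/v1/users/{id}/lifecycle/expire_password   force a change at next login
  DELETE /api/v1/users/{id}/sessions?oauthTokens=true   clear sessions, revoke tokens
"""
import json
import re
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict, List, Optional, Tuple

# transport(method, url, token) -> (http_status, parsed_json_body, {"Link": header})
Transport = Callable[[str, str, str], Tuple[int, Any, Dict[str, str]]]
_NEXT_RE = re.compile(r'<([^>]+)>;\s*rel="next"')


def http_transport(method: str, url: str, token: str) -> Tuple[int, Any, Dict[str, str]]:
    """Real transport: one authenticated HTTP call to Okta."""
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", f"SSWS {token}")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
        body = json.loads(raw) if raw else None
        # Okta sends several Link headers (self, next); join them so the regex sees all.
        links = ", ".join(resp.headers.get_all("Link") or [])
        return resp.status, body, {"Link": links}


def list_active_users(org_url: str, token: str, transport: Transport = http_transport,
                      limit: int = 200) -> List[dict]:
    """Follow rel="next" Link headers until every ACTIVE user has been collected."""
    query = urllib.parse.urlencode({"limit": limit, "filter": 'status eq "ACTIVE"'})
    url: Optional[str] = f"{org_url}/api/v1/users?{query}"
    users: List[dict] = []
    while url:
        status, body, headers = transport("GET", url, token)
        if status != 200:
            raise RuntimeError(f"listing users failed: HTTP {status} for {url}")
        users.extend(body)
        match = _NEXT_RE.search(headers.get("Link", ""))
        url = match.group(1) if match else None
    return users


def rotate_user(org_url: str, token: str, user_id: str,
                transport: Transport = http_transport) -> Dict[str, bool]:
    """Invalidate one user's credentials: expire the password AND kill live sessions.

    A password reset by itself does not log out an attacker who already holds a
    session cookie or an OAuth refresh token, so both calls are required.
    """
    base = f"{org_url}/api/v1/users/{user_id}"
    st_pw, _, _ = transport("POST", f"{base}/lifecycle/expire_password", token)
    st_sess, _, _ = transport("DELETE", f"{base}/sessions?oauthTokens=true", token)
    return {"password_expired": st_pw == 200, "sessions_cleared": st_sess == 204}


def rotate_all(org_url: str, token: str, transport: Transport = http_transport,
               dry_run: bool = True) -> Dict[str, Any]:
    """Rotate every active user. dry_run only counts; pass False to actually act."""
    summary: Dict[str, Any] = {"users": 0, "rotated": 0, "failed": []}
    for user in list_active_users(org_url, token, transport):
        summary["users"] += 1
        if dry_run:
            continue
        result = rotate_user(org_url, token, user["id"], transport)
        if all(result.values()):
            summary["rotated"] += 1
        else:
            summary["failed"].append(user["id"])
    return summary


def make_fake_transport(pages: List[List[dict]], calls: List[Tuple[str, str]]) -> Transport:
    """Constructed offline stand-in for Okta: serves `pages` of users, records each call."""
    def transport(method: str, url: str, token: str) -> Tuple[int, Any, Dict[str, str]]:
        calls.append((method, url))
        if method == "GET":
            qs = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
            idx = int(qs.get("after", ["0"])[0])
            more = idx + 1 < len(pages)
            link = f'<{url.split("?")[0]}?after={idx + 1}>; rel="next"' if more else ""
            return 200, pages[idx], {"Link": link}
        if method == "POST" and url.endswith("/lifecycle/expire_password"):
            return 200, {"status": "PASSWORD_EXPIRED"}, {}
        if method == "DELETE" and url.endswith("/sessions?oauthTokens=true"):
            return 204, None, {}
        return 404, None, {}
    return transport


if __name__ == "__main__":
    # Constructed sample directory: two pages, three users, no network access needed.
    sample_pages = [[{"id": "00u1"}, {"id": "00u2"}], [{"id": "00u3"}]]
    log: List[Tuple[str, str]] = []
    fake = make_fake_transport(sample_pages, log)
    print(rotate_all("https://example.okta.com", "token", fake, dry_run=False))
```

Against a real org, swap the fake transport for `http_transport`, run once with `dry_run=True` to confirm the user count matches what you expect, and only then run with `dry_run=False`; `expire_password` is used rather than `reset_password` so users are forced to choose a new password at next login without a reset email that a mailbox-holding attacker could intercept.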
Lapsus$ and other hacking groups are surely planning their next attack, or are already using stolen credentials to exfiltrate data right now. Managing employee identities sounds simple, but it is surprisingly difficult at scale: security teams juggle multiple systems, each of them incomplete, and have a large blind spot about how many applications employees actually use.
The best practices for identity management are already known, but today’s framework relies on humans to follow the rules and manage credentials manually. Until that changes, we will keep reading headlines about major breaches, and security teams will keep scrambling to find out whether any of their employees’ credentials were compromised. Rather than going through this fire drill each time, resetting every user’s password would give companies peace of mind, since any compromised credentials would be useless.
Sign up for a free SaaS security assessment to see how you can protect your organization from these types of attacks.