‘Okta’ Data Breach – 23/03 Update
March 23, 2022
‘Okta’ has published an updated statement regarding the incident. The statements are updated frequently and can be found on ‘Okta’s official blog.
Meanwhile, Microsoft, which has itself been targeted by ‘LAPSUS$’, has addressed the recent spike in incidents attributed to the group and published risk-mitigation recommendations for its own customers.
Mitigation
Microsoft has issued mitigation steps for all of its customers. CYREBRO urges all clients to implement these recommendations as soon as possible:
- Require Multifactor Authentication (MFA) for all users coming from all locations, including trusted environments such as from on-premises networks.
- Leverage more secure implementations such as FIDO Tokens, or the ‘Microsoft Authenticator’ with number matching.
- Avoid telephony-based MFA methods (SMS codes and voice-call approvals).
- Implement Azure AD Password Protection to ensure that users aren’t using easily-guessed passwords.
- Leverage passwordless authentication methods such as Windows Hello for Business, Microsoft Authenticator, or FIDO tokens.
Additionally, Microsoft urges customers to AVOID the following practices:
- Use of weak MFA factors such as text messages, simple voice approvals, simple push, or secondary email addresses.
- Setting up location-based authentication exclusions.
- Allowing credential or MFA factor sharing between users.
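To turn the two lists above into something that can be checked rather than read, the following audit script is added here as an example; it is not CYREBRO's or Microsoft's code. It inspects Conditional Access policies and the authentication methods policy in the shape returned by Microsoft Graph (`GET /identity/conditionalAccess/policies` and `GET /policies/authenticationMethodsPolicy`) and reports the gaps the recommendations call out: no tenant-wide MFA requirement, location-based exclusions such as `AllTrusted`, user or group exclusions, SMS/voice/e-mail factors left enabled, and Authenticator push without number matching. The `featureSettings.numberMatchingRequiredState` field name is assumed from the Graph beta schema of the time; the sample policies are constructed for the example, not exported from a real tenant.

```python
"""Audit Azure AD Conditional Access and authentication-method settings against
the Microsoft mitigation guidance for the LAPSUS$ campaign (added example).

Input shapes follow the Microsoft Graph 'conditionalAccessPolicy' and
'authenticationMethodsPolicy' resources. All sample data below is constructed.
"""

# Factors Microsoft lists as weak: text message, voice approval, secondary e-mail.
WEAK_METHODS = {"Sms", "Voice", "Email"}
# Factors Microsoft recommends: FIDO tokens, Authenticator with number matching.
STRONG_METHODS = {"Fido2", "MicrosoftAuthenticator"}


def policy_requires_mfa_everywhere(policy):
    """True if an enabled policy demands MFA for all users and all apps from all
    locations, with no user, group or location exclusions."""
    if policy.get("state") != "enabled":
        return False
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    locs = cond.get("locations") or {}          # absent block == all locations
    grant = policy.get("grantControls") or {}
    requires_mfa = (
        "mfa" in (grant.get("builtInControls") or [])
        or grant.get("authenticationStrength") is not None
    )
    return (
        requires_mfa
        and users.get("includeUsers") == ["All"]
        and not users.get("excludeUsers")
        and not users.get("excludeGroups")
        and apps.get("includeApplications") == ["All"]
        and (not locs or locs.get("includeLocations") == ["All"])
        and not locs.get("excludeLocations")
    )


def audit_conditional_access(policies):
    """Return a list of findings for a tenant's Conditional Access policies."""
    findings = []
    if not any(policy_requires_mfa_everywhere(p) for p in policies):
        findings.append(
            "No enabled policy requires MFA for all users, all apps and all locations"
        )
    for p in policies:
        if p.get("state") != "enabled":
            continue
        cond = p.get("conditions") or {}
        locs = cond.get("locations") or {}
        users = cond.get("users") or {}
        # Excluding 'AllTrusted' (or any named location) is exactly the
        # location-based exclusion Microsoft says to avoid.
        if locs.get("excludeLocations"):
            findings.append(
                f"{p['displayName']}: location-based exclusion {locs['excludeLocations']}"
            )
        if users.get("excludeUsers") or users.get("excludeGroups"):
            findings.append(f"{p['displayName']}: user/group exclusions present")
    return findings


def audit_auth_methods(methods_policy):
    """Return findings for the tenant-wide authentication methods policy."""
    findings = []
    configs = methods_policy.get("authenticationMethodConfigurations") or []
    enabled = {m["id"] for m in configs if m.get("state") == "enabled"}
    for weak in sorted(enabled & WEAK_METHODS):
        findings.append(f"Weak MFA method enabled: {weak}")
    if not enabled & STRONG_METHODS:
        findings.append("No FIDO2 or Microsoft Authenticator method enabled")
    for m in configs:
        if m.get("id") == "MicrosoftAuthenticator" and m.get("state") == "enabled":
            # Assumed beta-schema field: featureSettings.numberMatchingRequiredState
            nm = ((m.get("featureSettings") or {})
                  .get("numberMatchingRequiredState") or {}).get("state")
            if nm != "enabled":
                findings.append("Microsoft Authenticator push without number matching")
    return findings


# Constructed sample: the common "MFA except from the office" setup.
SAMPLE_POLICIES = [{
    "displayName": "Require MFA - external only",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []},
        "applications": {"includeApplications": ["All"]},
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}]

# Constructed sample of the corrected policy: no exclusions at all.
HARDENED_POLICY = {
    "displayName": "Require MFA - all users, all locations",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []},
        "applications": {"includeApplications": ["All"]},
        "locations": {"includeLocations": ["All"], "excludeLocations": []},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

SAMPLE_AUTH_METHODS = {"authenticationMethodConfigurations": [
    {"id": "Sms", "state": "enabled"},
    {"id": "Voice", "state": "enabled"},
    {"id": "Fido2", "state": "disabled"},
    {"id": "MicrosoftAuthenticator", "state": "enabled",
     "featureSettings": {"numberMatchingRequiredState": {"state": "disabled"}}},
]}

HARDENED_AUTH_METHODS = {"authenticationMethodConfigurations": [
    {"id": "Sms", "state": "disabled"},
    {"id": "Voice", "state": "disabled"},
    {"id": "Fido2", "state": "enabled"},
    {"id": "MicrosoftAuthenticator", "state": "enabled",
     "featureSettings": {"numberMatchingRequiredState": {"state": "enabled"}}},
]}

if __name__ == "__main__":
    for f in audit_conditional_access(SAMPLE_POLICIES) + audit_auth_methods(SAMPLE_AUTH_METHODS):
        print("FINDING:", f)
```

Run against a real export (for example the JSON produced by `Get-MgIdentityConditionalAccessPolicy` and `Get-MgPolicyAuthenticationMethodPolicy` from the Microsoft Graph PowerShell SDK) the sample policy produces two findings and the sample methods policy three; the hardened variants produce none. Emergency-access accounts that an organisation deliberately excludes will show up as a user-exclusion finding and should be reviewed rather than silently whitelisted.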
CYREBRO continues following the incidents and events as they develop and will keep clients updated.
References: ‘Okta’ blog, Microsoft Security Blog.