Release

Release

Release

Lapsus$ Cyberattack on Okta: What You Need to Know

Lapsus$ Cyberattack on Okta: What You Need to Know

Lapsus$ Cyberattack on Okta: What You Need to Know

Sep 29, 2022

Sohini Roy

The Lapsus$ cyberattack on Okta, a prominent identity and access management company, highlighted vulnerabilities in third-party vendor management. Okta's vendor, Sitel, was compromised, allowing hackers to gain access to sensitive systems through a remote device of an employee.

Key Details of the Attack:

  • Okta Overview: Okta provides cloud software that manages and secures user authentication into applications, ensuring seamless login across various platforms.

  • The Breach: On January 21, 2022, the Lapsus$ group gained access to Okta via Sitel by hacking into a remote device of one of its employees. This breach affected 366 customers, representing around 2.5% of Okta's total customer base.

  • Attack Timeline: The attack lasted for 25 minutes, allowing the hackers to access two active customer tenants, but they were unable to reset passwords or change configurations.

  • Post-Attack Report: Okta's forensic investigation suggested that the breach resulted from negligence on the part of the third-party employee. Okta's Chief Security Officer, David Bradbury, indicated that although the breach was limited in scope, the loss in trust was significant.

Lessons Learned:

  1. Limiting Data Access: Organizations should ensure that data access is restricted, allowing only necessary access to relevant employees.

  2. Employee and Customer Training: Regular cybersecurity training for employees and customers is crucial, as many attacks exploit human error.

  3. Transparent Communication: Clear and timely communication between employees, vendors, and customers is essential during incidents.

  4. System Review and Monitoring: Continuous system checks and threat detection tools must be used to prevent future attacks.

About Genesis:

Genesis is a cyber risk management platform that helps organizations manage and reduce attack surfaces, monitor cybersecurity posture, and identify vulnerabilities. With Genesis, businesses can prevent data breaches, discover third-party risks, and build proactive security programs through the use of risk scoring.

Book a demo with Genesis

See yourself how Genesis Platform Eliminated manual TPRM with AI

Get Started

Book a demo with Genesis

See yourself how Genesis Platform Eliminated manual TPRM with AI

Get Started

Genesis Platform

Genesis assists businesses in identifying and reducing their attack surface while also managing and collaborating with third parties.

Registered Office Address: Hamdan

Innovation Incubator, Dubai, UAE

Product

Resources

Whitepapers

© Copyright Genesis Platform 2024, All Rights Reserved

© Copyright Genesis Platform 2024, All Rights Reserved

Genesis Platform

Genesis assists businesses in identifying and reducing their attack surface while also managing and collaborating with third parties.

Registered Office Address: Hamdan

Innovation Incubator, Dubai, UAE

Product

Resources

Whitepapers

© Copyright Genesis Platform 2024, All Rights Reserved

© Copyright Genesis Platform 2024, All Rights Reserved

Book a demo with Genesis

See yourself how Genesis Platform Eliminates manual TPRM with AI

Book a demo with Genesis

See yourself how Genesis Platform Eliminates manual TPRM with AI

Genesis Platform

Genesis assists businesses in identifying and reducing their attack surface while also managing and collaborating with third parties.

Dubai, UAE

© Copyright Genesis Platform 2024, All Rights Reserved

Genesis Platform

Genesis assists businesses in identifying and reducing their attack surface while also managing and collaborating with third parties.

Dubai, UAE

© Copyright Genesis Platform 2024, All Rights Reserved

Book a demo with Genesis

See yourself how Genesis Platform Eliminates manual TPRM with AI

Book a demo with Genesis

See yourself how Genesis Platform Eliminates manual TPRM with AI

Genesis Platform

Genesis assists businesses in identifying and reducing their attack surface while also managing and collaborating with third parties.

Dubai, UAE

© Copyright Genesis Platform 2024, All Rights Reserved

Genesis Platform

Genesis assists businesses in identifying and reducing their attack surface while also managing and collaborating with third parties.

Dubai, UAE

© Copyright Genesis Platform 2024, All Rights Reserved