There's been another development in the Lapsus$ saga

Date:
Tue, 29 Mar 2022 03:30:27 +0000

Description:
Okta has acknowledged that it made a mistake in how it handled the Lapsus$ attack on one of its service providers.

FULL STORY ======================================================================

The identity management software firm Okta has admitted that it made a
mistake in the way in which it handled an attack on one of its suppliers by the data extortion hacking group Lapsus$ .

In a recently published FAQ , the company provided a full timeline of the incident beginning on January 20 when it first learned that a new factor was added to a Sitel employees Okta account from a new location. For those unfamiliar, Okta uses Sitel to provide some customer support services to its users. TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

Click here to start the survey in a new window <<

While the attempt to add a new factor was unsuccessful, Okta still went ahead and reset the account in question and notified Sitel regarding the matter by sharing indicators of compromise with the company. From here, Sitel informed Okta that it had retained outside support from a leading forensic firm.

According to Okta, the company's mistake involved believing that Sitel had shared all of the information it had on the incident and letting Sitel's forensic firm carry out its own investigation. Instead, Okta should have pressed Sitel for more information as the company is its service provider for which it is ultimately responsible. Investigation results

The forensics firm hired by Sitel delivered its report to the customer
support company on March 10 but it wasn't until a week later on March 17 that Okta received a summary report about the incident from Sitel.

A few days later though, Lapsus$ published screenshots on its Telegram
channel claiming that they depicted Oktas company environment, including internal tickets and in-house Slack chats. It was on this same day that Okta finally received the full report commissioned by Sitel which concluded that there was a five-day period between January 16-21, where an attacker had access to Sitel. Read More

Everything we know about Lapsus$ and Okta so far

The Microsoft source code breach may be much bigger than we thought

This British teenager is apparently the mastermind behind Lapsus$

Okta provided further details on the incident itself and how it would respond now with all of the information in hand in its FAQ, saying:

In January, we did not know the extent of the Sitel issue only that we detected and prevented an account takeover attempt and that Sitel had
retained a third party forensic firm to investigate. At that time, we didnt recognize that there was a risk to Okta and our customers. We should have
more actively and forcefully compelled information from Sitel. In light of
the evidence that we have gathered in the last week, it is clear that we
would have made a different decision if we had been in possession of all of the facts that we have today.

While Okta says that it is confident that its own service has not been breached, the Lapsus$ group is likely gearing up to hit another big name target soon despite the fact that seven of its potential operatives were recently arrested in London. We've also featured the best endpoint protection software and the best antivirus

Via The Register



======================================================================
Link to news story: https://www.techradar.com/news/theres-been-another-development-in-the-lapsusdo llar-saga/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)