1Password Thwarts Hacking Attempt Linked to Okta Breach


1Password, a popular password manager, detected suspicious activity on its Okta instance in September, following the Okta support system breach. The company investigated the incident and found no evidence that any user data was accessed.

The threat actor is believed to have gained access to the Okta instance by compromising a session cookie after a member of the 1Password IT team shared a HAR file with Okta support. The threat actor then attempted to access the IT team member's user dashboard, but was blocked by Okta. The threat actor then updated an existing IDP tied to 1Password's production Google environment, activated the IDP, and requested a report of administrative users.

1Password was alerted to the malicious activity after the IT team member received an email about the "requested" administrative user report.

1Password has since taken a number of steps to bolster security, including denying logins from non-Okta IDPs, reducing session times for administrative users, tightening multi-factor authentication (MFA) rules for admins, and decreasing the number of super administrators.

1Password believes that the incident shares similarities with a known campaign in which threat actors compromise super admin accounts, then attempt to manipulate authentication flows and establish a secondary identity provider to impersonate users within the affected organization.

The incident comes after Okta revealed that unidentified threat actors leveraged a stolen credential to break into its support case management system and steal sensitive HAR files that can be used to infiltrate the networks of its customers.
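The exposure path described above starts with a HAR file that still contains a live session cookie. As an added example (not from the original article, 1Password or Okta), this Python sketch redacts cookies, authentication headers and bodies from a HAR capture before it is attached to a support case. The header list, function names and sample HAR are assumptions constructed for illustration.

```python
import copy

# Header names that carry session credentials (assumed list; extend per app).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization",
                     "proxy-authorization", "x-csrf-token", "x-xsrf-token"}
REDACTED = "[REDACTED]"


def _scrub_message(msg):
    """Redact credentials in one HAR request/response object; return the count."""
    hits = 0
    for header in msg.get("headers", []):
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
            hits += 1
    for cookie in msg.get("cookies", []):
        cookie["value"] = REDACTED
        hits += 1
    return hits


def sanitize_har(har):
    """Return (sanitized deep copy of a HAR dict, number of values redacted)."""
    clean = copy.deepcopy(har)
    hits = 0
    for entry in clean.get("log", {}).get("entries", []):
        request, response = entry.get("request", {}), entry.get("response", {})
        hits += _scrub_message(request) + _scrub_message(response)
        # Request and response bodies can carry passwords or tokens: blank them.
        for body in (request.get("postData"), response.get("content")):
            if body and ("text" in body or "params" in body):
                body.pop("params", None)
                body["text"] = REDACTED
                hits += 1
    return clean, hits


# Constructed sample: one request carrying a made-up session cookie.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://idp.example.com/admin",
                "headers": [{"name": "Cookie", "value": "sid=EXAMPLE-SESSION"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "EXAMPLE-SESSION"}]},
    "response": {"status": 200, "cookies": [],
                 "headers": [{"name": "Set-Cookie", "value": "sid=EXAMPLE-NEW"}],
                 "content": {"mimeType": "text/html", "text": "<html/>"}}}]}}

if __name__ == "__main__":
    cleaned, count = sanitize_har(SAMPLE_HAR)
    print(count, "values redacted;", "EXAMPLE" not in str(cleaned))
```

Tokens embedded in URL query strings are not covered by this sketch and need a separate check before the file is shared.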

Analysis:

This incident is a reminder of the importance of cybersecurity for organizations of all sizes. Threat actors are constantly developing new methods of attack, and it is essential for organizations to have robust security measures in place.

1Password's response to the incident is commendable. The company quickly investigated the incident and took steps to remediate the vulnerability and bolster security.

Organizations should also review their own security practices and take steps to mitigate the risk of similar attacks. This includes implementing strong MFA requirements, educating employees about cybersecurity best practices, and regularly monitoring for suspicious activity.

Join the cause:

Join me in this cause to raise awareness about cybercrime prevention and protect ourselves and our loved ones online. Together, we can make the internet a safer place for everyone.

Call to action:

Share this article with your friends and family, and encourage them to take steps to protect themselves from cybercrime.


Sources

(1) https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html?m=1
