Okta Accounts Under (Another) Attack

In recent weeks, a concerning trend has emerged, culminating in the potential breach of Okta customers’ accounts.

On April 16th, Cisco Talos Intelligence Group reported a significant uptick in brute force attacks targeting various entities, primarily VPN providers. Brute force attacks, for the uninitiated, involve systematically attempting different combinations to gain unauthorized access to accounts. Hackers often employ automation tools like bots, and sometimes use pre-breached passwords achieved through past successful phishing attacks.

It appears that the infrastructure identified by Cisco Talos has been repurposed for targeting Okta accounts, yielding some degree of success. Since April 19th, Okta has detected these attacks on their users’ accounts, noting their characteristic use of anonymizing tools like TOR.

In what is potentially another security compromise for the SSO giant, Okta has yet to disclose the extent of compromised accounts. In their website, Okta acknowledged that a subset of customers with similar configurations experienced suspicious activity. Okta has advised users to consider upgrading their subscriptions and has recommended additional security measures such as enforcing Multi-Factor Authentication (MFA) and robust password policies. First, that would cost users more money. Second, as we’ve seen in former blog posts, it's evident that these traditional defenses are not foolproof.?

Enter UNIXi—a solution that would have prevented this debacle entirely. UNIXi’s Universal Single Sign-On (USSO), fortified by our credential protection technology, renders brute force attacks all but futile. Regardless of whether hackers attempt to anonymize their efforts through TOR, or direct them through VPNs or other methods, UNIXi safeguards against them in the same way and with the safe efficiency. UNIXi's USSO protects all web-based applications—no integration required, and at no extra cost.

In summary, while the recent breach underscores the vulnerabilities inherent in traditional security measures, UNIXi offers a robust solution that fortifies organizations against such threats comprehensively.