How the Okta Cross-Tenant Impersonation Attacks Succeeded
DarkReading
|
Contributed by: Bill Russell
Summary
Sophisticated attacks sparking concerns for multifactor authentication (MFA) reliant organizations, especially using Okta. Attacks targeting U.S. hospitality industry, notably MGM Resorts, causing substantial losses. MGM yet to disclose attack extent; hacker group ALPHV (alias BlackCat) claimed responsibility, MGM daily losses around $8.4 million, Caesars paid $15 million ransom. Identity attacks increasingly threatening organizations, methods evolve, including strategies against identity and access management (IAM) systems. Even with Okta, security not guaranteed due to persistent account takeovers, privilege escalation threats. MFA, while useful, not impervious to attacks. Recent incidents involved tactics like privileged user account access, anonymizing proxy services, privilege escalation, impersonation via second identity provider, and username manipulation. Tactics underline need for robust identity threat detection and response measures. IAM best practices include least privilege, regular auditing, conditional access policies. No solution guarantees absolute security. ITDR strategies, user education, and best practices are key for organizational protection due to serious financial and reputational risks.
