Okta Warns of Social Engineering Attacks Targeting U.S. Companies
Okta, a prominent identity and access management (IAM) provider, has warned of a recent surge in social engineering attacks targeting several U.S.-based companies. Although Okta's own systems were not breached, four of its customers fell prey to these sophisticated attacks this summer.
The attackers behind these campaigns appeared either to possess valid credentials or to have manipulated the authentication process via Active Directory. They then contacted IT service desks and persuaded personnel to reset multifactor authentication factors for highly privileged users. This modus operandi was consistent across multiple organizations, with the ShinyHunters group and affiliates like Yukari, Rey, and Sevy linked to these attacks.
Okta itself endured a phishing attack and a breach last year, in which its GitHub source code was stolen. However, Okta's systems were not compromised in the recent social engineering attacks. The company urges customers to adopt phishing-resistant authentication, limit the use of highly privileged accounts, and scrutinize any anomalous activity to mitigate these risks.
Okta's warning underscores the persistent threat that social engineering poses to IAM and single sign-on (SSO) solutions. While Okta's systems remained secure, the compromise of four customer accounts shows the need for robust security measures and vigilance against these types of attacks.
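One way to scrutinize the pattern described above, as an added example that is not from Okta or the original article: flag MFA resets performed by someone else on a highly privileged account when a new factor is then enrolled from an IP address that account has not used before. The record schema, account names and addresses are constructed assumptions; map the fields to whatever your identity provider's audit log emits.

```python
from datetime import datetime, timedelta

PRIVILEGED = {"alice.admin", "bob.superadmin"}  # constructed account names

SAMPLE_EVENTS = [  # constructed records in a simplified, hypothetical schema
    {"ts": "2024-01-10T08:55:00", "type": "login", "user": "alice.admin", "actor": "alice.admin", "ip": "198.51.100.10"},
    {"ts": "2024-01-10T14:02:00", "type": "mfa_reset", "user": "alice.admin", "actor": "helpdesk.01", "ip": "192.0.2.5"},
    {"ts": "2024-01-10T14:09:00", "type": "mfa_enroll", "user": "alice.admin", "actor": "alice.admin", "ip": "203.0.113.77"},
    {"ts": "2024-01-10T15:00:00", "type": "mfa_reset", "user": "carol.staff", "actor": "helpdesk.01", "ip": "192.0.2.5"},
    {"ts": "2024-01-10T15:05:00", "type": "mfa_enroll", "user": "carol.staff", "actor": "carol.staff", "ip": "203.0.113.80"},
    {"ts": "2024-01-11T09:00:00", "type": "login", "user": "bob.superadmin", "actor": "bob.superadmin", "ip": "198.51.100.20"},
    {"ts": "2024-01-11T10:00:00", "type": "mfa_reset", "user": "bob.superadmin", "actor": "helpdesk.02", "ip": "192.0.2.6"},
    {"ts": "2024-01-11T10:20:00", "type": "mfa_enroll", "user": "bob.superadmin", "actor": "bob.superadmin", "ip": "198.51.100.20"},
]


def flag_risky_resets(events, privileged, window=timedelta(hours=1)):
    """Return privileged-account MFA resets performed by another actor that are
    followed, within `window`, by a factor enrollment from an IP the account
    had not logged in from before the reset."""
    known_ips = {}    # user -> IPs seen on logins before any pending reset
    open_resets = {}  # user -> (reset time, actor who performed the reset)
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):  # ISO 8601 sorts lexically
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "login" and user not in open_resets:
            # Only pre-reset logins build the baseline, so activity after a
            # suspicious reset cannot make a new address look familiar.
            known_ips.setdefault(user, set()).add(e["ip"])
        elif e["type"] == "mfa_reset" and user in privileged and e["actor"] != user:
            open_resets[user] = (ts, e["actor"])
        elif e["type"] == "mfa_enroll" and user in open_resets:
            reset_ts, actor = open_resets.pop(user)
            if ts - reset_ts <= window and e["ip"] not in known_ips.get(user, set()):
                findings.append({"user": user, "reset_by": actor,
                                 "reset_at": reset_ts.isoformat(), "enroll_ip": e["ip"]})
    return findings


if __name__ == "__main__":
    for finding in flag_risky_resets(SAMPLE_EVENTS, PRIVILEGED):
        print(finding)
```

A finding is a prompt to verify the reset with the account owner through a separate channel, not proof of compromise; legitimate resets after a lost device will also match.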