Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Okta Data Breach. Show all posts

Cloudflare Faces Cybersecurity Breach in Okta Supply-Chain Attack



Cloudflare, a prominent Internet security and DDoS protection company, recently fell victim to a cyberattack linked to the widespread Okta supply-chain campaign last fall. The breach, affecting Cloudflare's Atlassian Bitbucket, Confluence, and Jira platforms, commenced on Thanksgiving Day.

Cloudflare, in collaboration with industry and government partners, determined that a nation-state attacker aimed to gain persistent and widespread access to its global network. Working with CrowdStrike, the company found that cyber attackers initially accessed the internal wiki (Confluence) and bug database (Jira). They later established persistence on the Atlassian server and proceeded to explore potential points of entry. The assailants successfully breached Cloudflare's source code management system (Bitbucket) and an AWS instance.

The analysis revealed the attackers sought information about the configuration and management of Cloudflare's global network. They accessed various Jira tickets related to vulnerability management, secret rotation, MFA bypass, network access, and the company's response to the Okta incident. Fortunately, due to network segmentation and a zero-trust authentication approach limiting lateral movement, the attackers were largely prevented from accessing critical systems.

Despite minimal access, Cloudflare took comprehensive measures, rotating over 5,000 production credentials, segmenting test and staging systems, and conducting forensic triages on nearly 5,000 systems. The company also reimaged and rebooted every machine in its global network and all Atlassian products.

Experts emphasise the severity of supply chain attacks, highlighting the risk of non-human access being exploited by attackers to gain high-privilege access to internal systems. This breach underscores the importance of monitoring both cloud-based and on-premises solutions.

Notably, Cloudflare identified the compromise's connection to a prior Okta breach in October. Okta, an identity and access management services provider, disclosed a compromise in its customer support case management system, exposing sensitive customer data. The attackers leveraged access tokens and service account credentials obtained during the Okta compromise. All threat actor access was terminated on November 24, according to CrowdStrike.

In response, Cloudflare conducted a thorough security remediation, emphasising the need for credential rotation after a security incident. Okta confirmed its prior notification to customers about the October security incident, urging them to rotate credentials and providing indicators of compromise.

This incident draws attention to the ongoing challenges posed by sophisticated cyber threats, making it clear that the importance of continuous vigilance and proactive security measures is substantial. The collaboration between companies and security experts remains crucial in mitigating the impact of such attacks.

As cybersecurity threats continue to evolve, it is imperative for organisations to stay informed, implement robust security practices, and prioritise swift responses to potential breaches.


Okta Data Breach Highlights Hackers' Untapped Gold Mine


The recent data breach at tech firm Okta has drawn attention to the risks associated with not protecting data that is rarely given top priority in terms of security, records customer service. 

The help desk system, which is used by some of the largest companies in the world, such as FedEx and Zoom, is accessed by hackers using a password that was stolen, according to a statement released by Okta on October 20. Okta provides software that other businesses use to manage login accounts. The attack on Okta, which has already cost the company $2 billion in market valuation, has the potential to spread into a more serious issue because this data occasionally contains files that can be used to secretly access the systems of Okta clients.

There are already indications of this happening. On Monday, popular password management company 1Password revealed that hackers had gained access to some parts of Okta's computer network by using data they had taken from the help-desk portal. The company notes that the brief intrusion was limited to a system that manages “employee-facing apps” and that “no 1Password user data was accessed.”

Depending on how they utilize the service and the internal systems they have connected to it, other Okta customers might be at greater risk. Gruhbhub, Tyson Foods, T-Mobile, the pharmaceutical firm McKesson, the diagnostics company LabCorp, and Main Street merchants like Crate & Barrel and Levi's are among Okta's prime customers.

According to Kyrk Storer, a spokesman for Okta, the hack of the company's help-desk portal impacted about 1% of its more than 18,000 users. These victims have now been notified of the hack, the company confirms.

Supply-chain attacks are cyber breaches that use access to one organization to target other partners, suppliers, or customers of that company. Exploiting a victim’s supply chain to reach more targets has become a popular cyberattack tactic among hackers, taking into account the digital connectivity among companies. In recent years, cyber intrusion on IT management firms like SolarWinds and Kaseya and file-transfer software manufacturer MOVEit had severe global repercussions. 

In most supply-chain assaults, hackers either discover or introduce a weakness in a popular software product, which they then utilize to access the systems of the firms that employ it. However, Okta attacks are not supported by any evidence that they involved software flaws. Instead, the hackers took advantage of extremely private consumer complaint submissions by utilizing login credentials they had obtained from a business that offered secure login software.

Customer service records are frequently mistakenly dismissed as being insignificant and obscure when compared to other types of data that companies maintain. Few organizations place the same emphasis on preserving this data as they do on safeguarding their clients' credit card information. However, a help desk system has an array of information about a business's clients and technological flaws, and the Okta attack indicates that hackers are becoming more aware of this.