Privileged User Compromise

In early 2022, the criminal hacking group Lapsus$, allegedly run by a teenager from Oxford, England, boasted publicly that it had successfully hacked Okta, a single sign-on provider used by thousands of organizations and governments worldwide. Lapsus$ gained access to a “super user” administrative account for Okta via a third-party support engineer and had access to the employee’s laptop for five days, including privileged access to some Okta systems. The cybercrime group posted about the attack on its Telegram channel, even going so far as to post screenshots showing it was inside Okta’s systems. But it wasn’t after Okta, exactly — the real targets were Okta’s thousands of customers. A week later, the hacking group had added 15,000 followers to its Telegram channel, raising fears that more attacks were imminent.

What you need to know: It’s widely accepted that many serious data breaches can be traced back to the abuse of privileged credentials. These are accounts with elevated privileges, such as users with domain administrator rights or root privileges. Attackers are increasingly using privileged user credentials to access an organization’s resources and information and exfiltrate sensitive data. An attacker that gains access to privileged user credentials can take control of an organization’s infrastructure to modify security settings, exfiltrate data, create user accounts and more, all the while appearing legitimate — and therefore harder to detect.
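Because the activity looks legitimate, defenders usually catch privileged-credential abuse by watching what the privileged account does rather than who it is. The script below is an added example (not part of the original post, and not Okta's or anyone's product code) that runs three simple detection rules over a handful of constructed Windows Security log lines: membership changes to a privileged group, audit policy changes, and a burst of sensitive changes from one account outside business hours. The Windows event IDs (4720, 4728, 4732, 4719, 4672) are the real ones, but the one-line log format, the account names, the business-hours window and the burst threshold are assumptions made for this example.

```python
"""Flag privileged-credential abuse patterns in (constructed) Windows Security log lines."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events for this example. Line format (an assumption, not a real
# exporter's format): "<iso-timestamp> <event_id> <actor> <target> <detail...>"
# Event IDs follow the Windows Security log:
#   4672 special privileges assigned at logon, 4720 user account created,
#   4728 / 4732 member added to a global / local security group, 4719 audit policy changed.
SAMPLE_EVENTS = [
    "2022-03-21T02:13:05 4672 svc-support - SeDebugPrivilege,SeBackupPrivilege",
    "2022-03-21T02:14:40 4720 svc-support helpdesk2 account_created",
    "2022-03-21T02:15:02 4728 svc-support helpdesk2 Domain Admins",
    "2022-03-21T02:16:30 4719 svc-support - audit_policy_changed",
    "2022-03-22T10:05:00 4720 alice.admin newhire account_created",
]

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
# Changes an attacker holding privileged credentials would typically make.
SENSITIVE_EVENT_IDS = {"4720", "4728", "4732", "4719"}
BUSINESS_HOURS = range(8, 18)            # assumption: 08:00-17:59 local time
BURST_WINDOW = timedelta(minutes=10)     # assumption: tuning value for this example
BURST_THRESHOLD = 3


@dataclass
class Event:
    ts: datetime
    event_id: str
    actor: str
    target: str
    detail: str


def parse_line(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts, event_id, actor, target, detail = line.split(" ", 4)
    return Event(datetime.fromisoformat(ts), event_id, actor, target, detail)


def detect(lines):
    """Return a list of (severity, actor, reason) alerts for the given log lines."""
    events = [parse_line(line) for line in lines]
    alerts = []
    sensitive_times = defaultdict(list)   # actor -> timestamps of sensitive changes

    for ev in events:
        # Rule 1: anyone added to a privileged group is always worth a look.
        if ev.event_id in ("4728", "4732") and ev.detail in PRIVILEGED_GROUPS:
            alerts.append(("HIGH", ev.actor, f"added {ev.target} to {ev.detail}"))
        # Rule 2: changing audit policy is a classic way to hide later activity.
        if ev.event_id == "4719":
            alerts.append(("HIGH", ev.actor, "audit policy changed"))
        if ev.event_id in SENSITIVE_EVENT_IDS:
            # Rule 3a: sensitive change outside business hours.
            if ev.ts.hour not in BUSINESS_HOURS:
                alerts.append(("MEDIUM", ev.actor,
                               f"event {ev.event_id} outside business hours at {ev.ts.isoformat()}"))
            sensitive_times[ev.actor].append(ev.ts)

    # Rule 3b: a burst of sensitive changes by one account inside a short window.
    for actor, times in sensitive_times.items():
        times.sort()
        for start in times:
            in_window = [t for t in times if start <= t <= start + BURST_WINDOW]
            if len(in_window) >= BURST_THRESHOLD:
                alerts.append(("HIGH", actor,
                               f"{len(in_window)} sensitive changes within {BURST_WINDOW}"))
                break   # one burst alert per actor is enough
    return alerts


if __name__ == "__main__":
    for severity, actor, reason in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {actor}: {reason}")
```

On the sample data the compromised support account trips every rule, while the single daytime account creation by `alice.admin` produces nothing; in practice the rules would be fed from a SIEM and the thresholds tuned to the environment's normal change volume.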
