Suspicious Okta Activity

Okta is often the gateway to enterprise applications and accounts — a fact not lost on hackers. If exploited, the SSO flaw allows hackers to abuse credentials of existing accounts for unauthorized access, persistence, privilege escalation and defense evasion. Once credentials are compromised, attackers can bypass access controls to gain entrance to VPNs, Outlook Web Access and remote desktop. Adversaries can also use compromised credentials to elevate their privileges on certain systems or gain entry to restricted areas of the network, while also using malware to steal information and/or obfuscate their presence. In one attack scenario, hackers take over inactive accounts of employees who have left the organization and use their credentials to gain access to critical systems for data and identity theft activities.

What you need to know: Okta is the leading single sign-on provider, allowing users to authenticate once to Okta and from there access a variety of web-based applications. These applications are assigned to users, which lets administrators centrally manage which users are allowed to access which applications. Okta also provides centralized logging to help understand how the applications are used and by whom. While SSO is a major convenience for users, it also provides attackers with an opportunity. If the attacker can gain access to Okta, they can access a variety of applications.
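An added example, not from the original post: a small detection pass over Okta System Log events that flags the two patterns described above, a successful login to a long-inactive account and one account reaching several applications in quick succession. The thresholds, the last-login baseline, the user names and the sample events are constructed assumptions; the event types and field names follow Okta's System Log format.

```python
import json
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=60)     # assumed threshold, tune per environment
FANOUT_APPS = 3                        # assumed: distinct apps inside the window
FANOUT_WINDOW = timedelta(minutes=10)  # assumed window length

# Constructed baseline: last known login per user (e.g. from a directory export).
LAST_LOGIN = {"former.employee@example.com": "2024-01-10T08:00:00.000Z",
              "alice@example.com": "2024-05-19T09:00:00.000Z"}

# Constructed sample events, one JSON object per line.
SAMPLE_LOG = """\
{"published":"2024-05-20T09:00:00.000Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"outcome":{"result":"SUCCESS"},"target":[]}
{"published":"2024-05-20T02:14:00.000Z","eventType":"user.session.start","actor":{"alternateId":"former.employee@example.com"},"outcome":{"result":"FAILURE"},"target":[]}
{"published":"2024-05-20T02:15:00.000Z","eventType":"user.session.start","actor":{"alternateId":"former.employee@example.com"},"outcome":{"result":"SUCCESS"},"target":[]}
{"published":"2024-05-20T02:16:00.000Z","eventType":"user.authentication.sso","actor":{"alternateId":"former.employee@example.com"},"outcome":{"result":"SUCCESS"},"target":[{"type":"AppInstance","displayName":"VPN Portal"}]}
{"published":"2024-05-20T02:17:00.000Z","eventType":"user.authentication.sso","actor":{"alternateId":"former.employee@example.com"},"outcome":{"result":"SUCCESS"},"target":[{"type":"AppInstance","displayName":"Outlook Web Access"}]}
{"published":"2024-05-20T02:19:00.000Z","eventType":"user.authentication.sso","actor":{"alternateId":"former.employee@example.com"},"outcome":{"result":"SUCCESS"},"target":[{"type":"AppInstance","displayName":"Remote Desktop Gateway"}]}
"""

def ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def load(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect(events, last_login):
    """Return (rule, user, timestamp) findings; users with no baseline are not scored as dormant."""
    seen = {user: ts(value) for user, value in last_login.items()}
    recent = {}    # user -> [(time, app)] still inside FANOUT_WINDOW
    findings = []
    for ev in sorted(events, key=lambda e: ts(e["published"])):
        if ev["outcome"]["result"] != "SUCCESS":
            continue   # failed attempts are out of scope for these two rules
        user, when = ev["actor"]["alternateId"], ts(ev["published"])
        if ev["eventType"] == "user.session.start":
            prev = seen.get(user)
            if prev is not None and when - prev > DORMANT_AFTER:
                findings.append(("dormant_account_login", user, ev["published"]))
            seen[user] = when
        elif ev["eventType"] == "user.authentication.sso":
            window = [(t, a) for t, a in recent.get(user, []) if when - t <= FANOUT_WINDOW]
            before = {app for _, app in window}
            window += [(when, tg["displayName"]) for tg in ev.get("target") or [] if tg.get("type") == "AppInstance"]
            if len(before) < FANOUT_APPS <= len({app for _, app in window}):
                findings.append(("app_fanout", user, ev["published"]))  # fires once per burst
            recent[user] = window
    return findings
```

Calling `detect(load(SAMPLE_LOG), LAST_LOGIN)` returns one finding per rule for the constructed former-employee account and none for the regular user.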
