Okta says Lapsus$ incident was actually a brilliant zero trust demonstration

2022-06-22 07:58

Okta has completed its analysis of the March 2022 incident that saw The Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack - and that its outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident.

Winterford explained that the incident started in January when an Okta analyst observed a Sitel support engineer attempting to reset a password - but did so from outside the expected network range, did not attempt to fulfil a multifactor authentication challenge, and requested the new login details be sent to a Sitel email address managed under Microsoft 365 rather than the expected Okta address managed under Google Workspaces.

Okta can see what happens in the virtual desktops it provides to Sitel engineers, and in the Workspaces it provides to those engineers.

"We initially took their word that this compromised account had been contained very quickly, and that there was zero impact to Okta or its customers," Winterford recalled.

Okta was not satisfied with Sitel's actions and has parted ways with the company over the incident.

Winterford said Okta acknowledges its initial response to Lapsus$'s allegations made it possible to conclude Okta was not taking responsibility for the compromise at Sitel.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/22/okta_lapsus_zero_trust_explanation/

#lapsus #okta #zerotrust