
Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
2023-09-02 04:12

Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions.

"In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller's strategy was to convince service desk personnel to reset all multi-factor authentication factors enrolled by highly privileged users," the company said.

The adversary then moved to abuse the highly privileged Okta Super Administrator accounts to impersonate users within the compromised organization.

Access to the Super Administrator accounts is subsequently used to assign higher privileges to other accounts, reset enrolled authenticators in existing administrator accounts, and, in some cases, even remove second-factor requirements from authentication policies.

"The threat actor was observed configuring a second identity provider to act as an 'impersonation app' to access applications within the compromised org on behalf of other users," Okta said.

As countermeasures, the company is recommending that customers enforce phishing-resistant authentication, strengthen help desk identity verification processes, enable new device and suspicious activity end-user notifications, and review and limit the use of Super Administrator roles.
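The pattern Okta describes (a help-desk MFA reset on a privileged account, followed shortly by privilege grants, further authenticator resets, a new identity provider, or a loosened authentication policy from that same account) is something a security team can hunt for in System Log exports. The following is an added detection example, not code from Okta or the article. It assumes a simplified, flattened event shape (`eventType`, `actor`, `target`, `published`) rather than Okta's nested log schema, and the `eventType` strings are assumed to match Okta System Log naming and should be verified against your own tenant's logs; the sample events are constructed.

```python
"""Detection sketch: flag MFA resets on Okta Super Administrator accounts that are
followed by privilege-changing actions performed from the reset account."""
from datetime import datetime, timedelta, timezone

# Assumption: eventType names follow Okta System Log naming; verify in your tenant.
RESET_EVENT = "user.mfa.factor.reset_all"
FOLLOW_ON_EVENTS = {
    "user.account.privilege.grant",   # privileges assigned to another account
    "user.mfa.factor.reset_all",      # authenticators reset on other admins
    "system.idp.lifecycle.create",    # a second identity provider configured
    "policy.rule.update",             # authentication policy changed (e.g. MFA removed)
}

# Constructed sample data: who holds the Super Administrator role (hypothetical users).
SUPER_ADMINS = {"jane.admin@example.com", "sam.admin@example.com"}

# Constructed sample events in a simplified, flattened shape (not Okta's real schema).
SAMPLE_EVENTS = [
    {"published": "2023-08-28T09:55:00Z", "eventType": "user.session.start",
     "actor": "regular.user@example.com", "target": None},
    {"published": "2023-08-28T10:00:00Z", "eventType": "user.mfa.factor.reset_all",
     "actor": "helpdesk@example.com", "target": "jane.admin@example.com"},
    {"published": "2023-08-28T10:05:00Z", "eventType": "user.session.start",
     "actor": "jane.admin@example.com", "target": None},
    {"published": "2023-08-28T10:12:00Z", "eventType": "user.account.privilege.grant",
     "actor": "jane.admin@example.com", "target": "contractor.bob@example.com"},
    {"published": "2023-08-28T10:15:00Z", "eventType": "user.mfa.factor.reset_all",
     "actor": "jane.admin@example.com", "target": "sam.admin@example.com"},
    {"published": "2023-08-28T10:20:00Z", "eventType": "system.idp.lifecycle.create",
     "actor": "jane.admin@example.com", "target": "Impersonation IdP"},
    {"published": "2023-08-28T10:25:00Z", "eventType": "policy.rule.update",
     "actor": "jane.admin@example.com", "target": "Default Sign-On Rule"},
    # Benign: a help-desk reset for a non-privileged user is not flagged.
    {"published": "2023-08-28T11:00:00Z", "eventType": "user.mfa.factor.reset_all",
     "actor": "helpdesk@example.com", "target": "regular.user@example.com"},
    # Outside the 24h window: not correlated with the earlier reset.
    {"published": "2023-08-30T11:00:00Z", "eventType": "policy.rule.update",
     "actor": "jane.admin@example.com", "target": "Default Sign-On Rule"},
]


def _ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_reset_chains(events, super_admins, window=timedelta(hours=24)):
    """Return one finding per MFA reset of a Super Administrator account.

    Each finding lists the privilege-changing actions that account performed
    within `window` after the reset. A reset with follow-on actions is rated
    "high"; a reset with none is still returned for human review.
    """
    ordered = sorted(events, key=lambda e: _ts(e["published"]))
    findings = []
    for i, ev in enumerate(ordered):
        if ev["eventType"] != RESET_EVENT or ev["target"] not in super_admins:
            continue
        start = _ts(ev["published"])
        follow_on = [
            later for later in ordered[i + 1:]
            if later["actor"] == ev["target"]
            and later["eventType"] in FOLLOW_ON_EVENTS
            and _ts(later["published"]) - start <= window
        ]
        findings.append({
            "admin": ev["target"],
            "reset_by": ev["actor"],
            "reset_at": ev["published"],
            "follow_on": [(f["eventType"], f["target"]) for f in follow_on],
            "severity": "high" if follow_on else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_reset_chains(SAMPLE_EVENTS, SUPER_ADMINS):
        print(finding["severity"].upper(), finding["admin"], "reset by",
              finding["reset_by"], "at", finding["reset_at"])
        for event_type, target in finding["follow_on"]:
            print("   ->", event_type, target)
```

On the constructed data this yields two findings: the reset of `jane.admin` is rated high because four follow-on actions occur within the window, while the reset of `sam.admin` (itself one of those actions) is returned for review because that account did nothing afterwards. In practice the Super Administrator set should come from the role-assignment API rather than a hard-coded list, and the rule is a starting point for correlating help-desk resets with the account's subsequent activity, not a substitute for the stronger help-desk identity verification Okta recommends.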

News URL

https://thehackernews.com/2023/09/okta-warns-of-social-engineering.html