Once more unto the Breach!

Microsoft recently confirmed that the hacker group known as LAPSUS$ had gained “limited access” to its systems. Its partner, the self-proclaimed “World’s #1 Identity Platform” and access management company Okta, acknowledged the breach through the account of a customer support engineer working for a third-party provider. 

By compromising the customer support engineer’s login credentials, the attackers had access to the engineer’s laptop during a five-day window in January. Nearly 2.5% of Okta’s customers have been potentially impacted in the wake of the breach.

Whose breach is this?

Data breaches happen so often nowadays that it’s hard to keep them all straight. What makes this breach different? Well, this was an access credential breach targeting a customer support engineer, who, by the very nature of their job, has high-level access to internal systems in order to provide support.

This is the paradox of centralized cloud-based systems: if you require access to a system, you naturally need identity credentials within that system, and your level of access is tied directly to those credentials. This engineer was providing customer support for Okta and Microsoft customers, so they had total access.

I’m sure Microsoft has a third-party contract clause with Okta and it likely sets high standards for protecting internal data that must be maintained at Okta. However, how diligent are the third parties that Okta engages? This hack affected Microsoft and Okta customers, but the engineer did not work for either company. 

Access credentials are especially valuable to criminals trading in cryptocurrencies on the Dark Web. Within the largest companies, it’s very likely that a hacker has already compromised at least one of the thousands of employee credentials, so corporations must be proactive before the inevitable ransom ask.

Which company did we hire anyway?

Compromised credentials allow organized crime to easily spoof an identity and steal valuable or sensitive data, plant ransomware or spread malware. The more that third-party contractors are embedded in any system, the more vulnerable it is to data breach and theft.

Customer support requires an army of intelligent, well-trained people who are hard to find and expensive. Most companies don’t have these resources, so they rent all or a portion of that army from a third-party customer service specialist provider.

Unfortunately, your part-time contract army is taking on an army of professional criminals with stolen digital tools and credentials, and even worse, they demand payment in untraceable cryptocurrencies. In most cases, you’ve lost the war before you even realize you’re under attack.