Insights

On March 22, 2022, the threat group LAPSUS$ announced the compromise of Okta. Okta is an enterprise-grade Multi-Factor and Identity and Access Management (IAM). Recently, the LAPSUS$ group has made statements of breaching high-value targets, but has provided very little evidence of being successful into those attacks. It is now known that the attack on Okta was successful and approximately 366 customers were impacted. Though the details of the attack are still quite limited, what we know is that this attack was likely successful due to phishing or the acquisition of credentials through the bribing of an internal employee. Regardless of the method, based on the screenshots shared by the attacker, it appears that a third-party support engineer's laptop was compromised and legitimate access was used. At this time, we recommend the following actions: Review Okta System logs for unusual "Reset Multifactor" events. Review Okta system logs for unusual "Reset…

"Do not store The Business Continuity Plan and Disaster Recovery Plan on the server. If you are only reviewing the plan annually, you are already behind. Things move too quickly for annual review." Build Your Defenses Operations: Establish baseline and target security maturity. Establish baseline and target security posture. Review personnel capabilities and determine skill paths. Develop and provide standards and guidelines for secure application development and infrastructure requirements. Emerging Threats: Develop risk and threat models. Determine available tools in use or to be acquired. Threat Intelligence: Learn how to integrate and contribute. Vulnerability Management: Develop automation for the detection and remediation of new vulnerabilities. Incident Response: Review current IR procedures and update if needed. Define internal and external communication protocols and guidelines.

As the events have been unfolding in Ukraine, there has been an amplification of cyberattacks around the world. These attacks are beginning to impact organizations around the United States. It should be stated that Russia has sophisticated cyber capabilities with a track record of wreaking havoc on organizations around the world. The SVR, Russia's foreign intelligence service, has been linked to a several of espionage campaigns and data breaches, from the widespread SolarWinds breach in 2020 to stealing information related to COVID-19 vaccines. Critical Path Security, along with our trusted partners in the U.S. Intelligence Community, Law Enforcement, and Global Intelligence Allies are continuing to monitor this situation around the clock to isolate legitimate and direct threats against our customers and national interests. CISA recommends that organizations, regardless of size, adopt a cybersecurity program that embraces the following recommendations: Reduce the likelihood of a damaging cyber intrusion Validate that all…

"Get to know your organization" We also received a lot of practical, tried-and-tested advice on how new CTOs can get to know their organization better. "If possible, a new CTO or CISO should interview the predecessor. Most CTO-led programs are tied to long-term goals with relatively long implementation cycles. The predecessor will provide some unique insight that is often left out of the documentation. If possible, have them introduce you to the other department leaders, executives, and your direct report. Their stamp of approval will make your transition much smoother!" "Learn the culture. This requires asking a lot of questions and listening intently. I recommend mapping to the McKinsey 7S Framework, if possible. It will help you find your fit and how to best communicate across the organization." "I recommend performing a high-level assessment of the current IT capabilities and commitments. There won't be enough time to get deep into…