Threat Actors Breached Okta Support System and Stole Customers’ Data
- Recently, Okta announced that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens. This data has the potential to be misused by attackers in future cyberattacks.
- Okta pointed out that the breached system is separate from the production Okta service, which was not impacted. The company also stated that the Auth0/CIC case management system was not impacted, and Okta has already notified all impacted customers.
- Okta has since taken technical measures to prevent the abuse of stolen data and has developed an advisory with a list of potentially malicious IPs to look for.
- Link to Okta’s Announcement: https://sec.okta.com/harfiles
Kwik Trip Finally Confirms Cyberattack was Behind Ongoing Outage
- Kwik Trip recently confirmed that it’s investigating a cyberattack impacting the convenience store chain’s internal network, which has left some systems down since October 9th.
- Kwik Trip has indicated that there isn’t any evidence to suggest the attackers gained access to customer payment details; however, they haven’t clarified what, if any, customer personal information may have been impacted by the cyberattack.
- The incident is still under investigation with certain systems gradually being brought back online. As the article notes, Kwik Trip has over 800 convenience stores, 35,000 employees, and a variety of sub entities under its umbrella.
QR Codes Used in 22% of Phishing Attacks
- Hoxhunt, a security company, recently published a report that looked at the human side of cybersecurity. Hoxhunt’s report tested 38 organizations in nine industries based in 125 countries consisting of 591,000 participants.
- The report noted that 22% of phishing attacks in the beginning of October leveraged QR codes to deliver malicious payloads. Hoxhunt performed a phishing simulation with QR codes imbedded and found that 36% of recipients successfully identified and reported the phish test.
- Additionally, the report noted that employees in communications roles were 1.6 times more likely to engage with QR codes and employees with legal responsibilities were less likely to scan QR codes.
- Among other recommendations, the report highlighted the importance of continuous security awareness training and the need to treat QR codes the same as a potentially malicious link.
- Link to Hoxhunt’s Report: https://www.hoxhunt.com/blog/insights-hoxhunt-cybersecurity-human-risk-benchmark-challenge
Software Supply Chain Security Attacks Up 200%: New Sonatype Research
- According to the software company Sonatype, attacks on software supply chains increased by 200% over the past year. Likewise, many downloaded code dependencies are riddled with vulnerabilities.
- The report notes that attacks on the open-source software supply chain have grown significantly with 245,032 malicious packages identified as of September 2023, corroborating the European Union Agency for Cybersecurity’s (ENISA) data from late 2022 suggesting that software supply chain compromises were a top emerging threat for many organizations.
- The article highlights that many software packages require several hundred code dependencies. As such, managing dependencies and ensuring that their vulnerabilities are addressed has become a monumental task and gap for many organizations that develop software.
- Link to Sonatype’s Report: https://www.sonatype.com/state-of-the-software-supply-chain/introduction
- Link to NCSC’s Supply Chain Resources: https://www.ncsc.gov.uk/blog-post/mastering-your-supply-chain
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
- According to Kaspersky, North Korean threat actors have been observed trying to lure employees within the defense industry, such as nuclear engineers, in a campaign dubbed Operation Dream Job.
- The threat actors trick potential victims by offering them lucrative job opportunities via social media platforms, such as LinkedIn and Facebook.
- From there, the hackers convince the victims to download and run a trojanized version of a virtual network computing (VNC) app, such as AnyDesk, to set up a fake interview. In the background, malicious payloads are retrieved with the goal of acquiring potentially valuable information from the victim’s newly infected device.
Five Eyes Coalition Release Guidelines for Business Leaders on Securing Intellectual Property
- The Five Eyes security alliance recently released guidance for organizations looking to further secure their intellectual property. Within this guidance, the alliance developed what is dubbed as the Five Principles of Secure Innovation.
- The five principles include knowing the threats, securing your environment, securing your products, securing your partnerships, and securing your growth. The information released also included other recommendations on how organizations can further protect their most valuable secrets.
- The guidelines are in response to a sharp increase in aggressive attempts by foreign actors to steal intellectual property across all five countries that make up the Five Eyes security alliance.
- Link to the NPSA’s Report: https://www.npsa.gov.uk/blog/security-planning/five-eyes-launches-five-principles-secure-innovation
Microsoft Extends Purview Audit Log Retention After July Breach
- In response to numerous organizations becoming the victim of a state-sponsored cyberattack on Microsoft Exchange and Microsoft 365 systems in July, Microsoft is extending the Audit log retention limits for organizations who leverage Microsoft Purview. The updated defaults will be rolled out to customers over the course of the remainder of 2023 and into the Fall of 2024.
- Microsoft announced that the default log retention for Purview Audit (Standard) customers will increase from 90 days to 180 days. Those with Audit (Premium) will retain the default one year of log retention with the option to extend to up to 10 years of log retention.
- Additionally, Microsoft is allowing access to cloud logging data and the ability to receive log information from additional services, like Microsoft Teams, for all Audit (Standard) users as part of their licenses. This adjustment is a direct response to public outcry about the inability for Audit (Standard) customers to properly monitor for the indicators of compromise seen in the July attack.
- Link to Microsoft’s Announcement: https://www.microsoft.com/en-us/security/blog/2023/10/18/expanding-audit-logging-and-retention-within-microsoft-purview-for-increased-security-visibility/
The Need for a Cybersecurity-Centric Business Culture
- By all accounts, cutting-edge technology and skilled cybersecurity resources should be the end of the story for ensuring network integrity; however, data regularly suggest that this is far from the case. As the article emphasizes, an important component is a robust cybersecurity culture.
- The article highlights that a more secure organization starts with understanding that there is always cybersecurity risk within the organization. The article notes the importance of building a cybersecurity culture by starting at the top levels of leadership, demonstrating that cybersecurity truly matters, and educating and testing personnel regularly.
- As the author states, “At the end of the day, building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message. The goal is to have people thinking and talking about cybersecurity as part of their normal course of business.”