Published by Marketing on March 31, 2022
Categories
  • Business
  • News
Tags
  • Cybersecurity
  • MFA
  • Ransomware
  • Phishing

Okta Breach Update

Many of you will have seen various articles regarding the LAPSUS$ extortion group and recently publicised breaches. LAPSUS$ is a relatively new cybercrime group specialising in stealing data from large companies and threatening to publish it unless a ransom demand is paid. The group denies any state links or interest in politics, and its activities suggest a loosely organised collective rather than a disciplined organisation. The group has gained notoriety by compromising several high-profile companies in the technology sector, including the identity management platform Okta. eacs would like to confirm that we do not use Okta as an identity management tool.

LAPSUS$ has publicly claimed to have gained access to Microsoft and exfiltrated portions of source code. Microsoft has confirmed that no customer code or data was involved in the observed activities. Their investigation found that a single account had been compromised, granting limited access. Microsoft’s cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure, and viewing source code does not lead to the elevation of risk. Microsoft was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated Microsoft’s action, allowing its team to intervene and interrupt the actor mid-operation, limiting broader impact.

For a long time now, eacs has been recommending that all our clients enforce Multi-Factor Authentication and Conditional Access as a means of securing their environments, and incidents such as this put the need for this very much in the spotlight. Based on further analysis, eacs is recommending that all clients consider the following steps:

  • Increase your insider threat monitoring. eacs can assist you in strengthening your defence by putting in place machine learning detection that has been trained on normal system activities to alert when employees are doing something outside their usual routine or potentially going rogue.
  • Implement security education and awareness training so that your users can recognise social engineering attacks and identify phishing.
  • Segregate your network into distinct trust levels and implement access control on a need-to-know basis across your environment.
  • Use an authentication app to secure your 2FA login codes rather than telephony-based MFA methods, to avoid the risks associated with SIM jacking.
  • Strengthen and monitor your cloud security posture by implementing Conditional Access and session risk configurations, such as blocking high sign-in risks.
  • Establish operational security processes, such as incident response communications.
  • Patch all systems and applications. eacs can confirm that we are applying all system and security patches as required for all clients for whom we provide this as part of their managed service.

If you are concerned or have any questions, please don’t hesitate to contact your Service Delivery Manager or a member of our team on 0800 8047 256.
