Join the ThreatLabz research team and our product experts on Tuesday, 3/29/22 at 9:30am PT for an analysis of the LAPSUS$ Okta attack and strategies for assessing and reducing the impact to your organization.
The extortion threat group LAPSUS$ arrived on threat researchers' radar back in December 2021, with a burst of erratic attacks that represent a notable departure from the business-like operations of ransomware gangs.
This brazen group uses smash-and-grab methods to extort organizations, with techniques that include island-hopping supply chain attacks, phone-based vishing scams, targeting personal email accounts, buying compromised credentials, and even paying employees or business partners to gain access to permissioned accounts. At first, LAPSUS$ threat activity was focused on companies in South America, but it has since expanded to high-profile attacks on some of the world’s largest tech companies, including LG, Microsoft, NVIDIA, Okta, Samsung, Ubisoft, and Vodafone.
The latest data leaks from LAPSUS$, including partial source code from Microsoft and data of up to 366 Okta customers, have launched this group into the media spotlight and captured the attention of the cybersecurity industry. The Okta breach could be categorized as a supply chain attack that used a compromised user account from a third-party service contractor to access sensitive systems and clients. Also known as “island hopping,” this technique requires only a single account as an entry point to exploit an integrated ecosystem of connected organizations.
Following these events, it is important that security leaders take on the task of anticipating how a similar attack would impact their own organization and use this mindset to develop an effective defense strategy. This mentality of preparing for the worst naturally lends itself to deploying a zero trust strategy. The rest of this article focuses on methods to assess your defenses and breaks down how zero trust can help you improve your security posture and reduce the impact of targeted supply chain attacks, insider threats, and data breaches.
Mitigating a supply chain attack or compromised user with zero trust
Stopping an upstream supply chain attack or compromised user can be one of the toughest tasks in security. While there are no silver bullets, a zero trust architecture can dramatically reduce the blast radius of a successful attack by ensuring you can:
Zscaler helps defend your organization from supply chain attacks
Supply chain attacks continue to be an effective tool for attackers. Because you can’t manage the security posture of all your partner organizations, it’s important to have multiple layers of protection and visibility across your environment. As part of the Zero Trust Exchange, our integrated platform helps you:
Read the ThreatLabz security advisory: Lapsus$ Attack on Okta: How to Evaluate the Impact to your Organization for a technical analysis of the threat, practical SOC playbook, and recommended detection rules from Zscaler’s threat research team.
Learn more: join a live ThreatLabz briefing on Tuesday, March 22 at 9:30am PT for updated information on the LAPSUS$ attack on Okta, a walkthrough of our SOC playbook, and zero trust strategies for preventing and mitigating damage from similar compromises in the future. Register now.