Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Scary New IT Admin Attack Exposes Your MFA Weakness

    Social Engineering Okta CredentialsIdentity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks.

    “In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all Multi-Factor Authentication (MFA) factors enrolled by highly privileged users,” Okta says. “The attackers then leveraged their compromise of highly privileged Okta Super Administrator accounts to abuse legitimate identity federation features that enabled them to impersonate users within the compromised organization.”

    The threat actors already had some information about the targeted organizations before they contacted the IT employees

    “Threat actors appeared to either have a) passwords to privileged user accounts or b) be able to manipulate the delegated authentication flow via Active Directory (AD) prior to calling the IT service desk at a targeted org, requesting a reset of all MFA factors in the target account,” Okta says. “In the case of Okta customers, the threat actor targeted users assigned with Super Administrator permissions.”

    The attackers also impersonated another identity management provider using a phony app.

    “The threat actor was observed configuring a second Identity Provider (IdP) to act as an ‘impersonation app’ to access applications within the compromised Org on behalf of other users,” the company says. “This second Identity Provider, also controlled by the attacker, would act as a ‘source’ IdP in an inbound federation relationship (sometimes called ‘Org2Org’) with the target. From this ‘source’ IdP, the threat actor manipulated the username parameter for targeted users in the second ‘source’ Identity Provider to match a real user in the compromised ‘target’ Identity Provider. This provided the ability to Single sign-on (SSO) into applications in the target IdP as the targeted user.”

    New-school security awareness training can teach your employees to recognize social engineering tactics so they can thwart targeted attacks.

    Okta has the story.

     

    Return To KnowBe4 Security Blog

    12 Ways to Defeat Multi-Factor Authentication On-Demand Webinar

    Webinars19Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, explores 12 ways hackers use social engineering to trick your users into revealing sensitive data or enabling malicious code to run. Plus, he shares a hacking demo by KnowBe4's Chief Hacking Officer, Kevin Mitnick.

    Watch the Webinar

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/webinar-12-ways-to-defeat-mfa

    Topics: Social Engineering, Security Awareness Training, MFA

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews