Okta code stolen from GitHub: News report
Wednesday, December 21, 2022
Okta was the victim of a third-party hack in January when the Lapsus$ extortion gang breached the IT environment of Twilio and used that access to steal one-time passwords sent via text message to Okta customers. Okta later apologized for not publicly responding fast enough when news of that attack broke.
“This time Okta’s reaction seems to be much faster and more professional compared to the January incident,” says Ilia Kolochenko, founder of ImmuniWeb.
“The consequences of this security incident may seem insignificant,” he added. “However, access even to a small part of the source code may have a domino effect on the organization. Oftentimes, some parts of source code are shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find zero-day vulnerabilities.
“Likewise, modern source code still contains numerous hardcoded secrets, such as database passwords or API keys, despite the growing implementation of more secure mechanisms to handle secrets. This incident is a telling example that cybercriminals are now actively targeting their victims’ CI/CD [continuous integration/development] pipelines that have become prevalent in a corporate environment, whilst being largely underprotected due to the novelty and comparative complexity of the technology. We should expect more similar attacks in 2023.”
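The hardcoded-secrets point above is the one a defender can act on directly: scanning source before it is pushed catches the database passwords and API keys that a stolen repository would otherwise hand over. The following is an added example, not code from the article or from Okta, showing a minimal pre-commit style secret scanner. It combines a few well-known secret shapes (the AKIA-prefixed cloud key id form, private-key PEM headers, password and API-key assignments) with a Shannon-entropy check for long random-looking literals, and it skips lines that read the secret from the environment at runtime, which is the hardened form. The pattern set, the 3.5-bit entropy threshold and the sample source text are all constructed for this example; a production tool such as gitleaks or trufflehog ships far more rules.

```python
import math
import re
from typing import List, Tuple

# Secret shapes this example recognises. Constructed for the example;
# real scanners carry hundreds of such rules.
PATTERNS = {
    # Cloud access key ids of the documented "AKIA" + 16 upper/digit form
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM header of a private key pasted into source
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # password = "literal" style assignments (6+ chars, any case)
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd|secret_key)\s*[:=]\s*['\"]([^'\"]{6,})['\"]"),
    # api_key / secret / token = "literal" with a long token-like value
    "generic_api_key": re.compile(
        r"(?i)(?:api[_-]?key|secret|token)\s*[:=]\s*['\"]([A-Za-z0-9_\-]{16,})['\"]"),
}

# Any quoted literal of 20+ token-ish characters is a candidate for the
# entropy check when no keyword pattern matched the line.
LONG_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 3.5  # bits per character; constructed cut-off for this example


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or constant string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_source(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, finding_kind, matched_text) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Reading the secret from the environment at runtime is the hardened
        # form, so these lines are not hardcoded secrets.
        if "os.environ" in line or "getenv(" in line:
            continue
        matched = False
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                findings.append((lineno, kind, m.group(0)))
                matched = True
        if matched:
            continue
        # Fallback: keyword-less but high-entropy literals (keys, signing material)
        for lit in LONG_LITERAL.findall(line):
            if shannon_entropy(lit) > ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy_literal", lit))
    return findings


def has_hardcoded_secrets(text: str) -> bool:
    """Gate suitable for a pre-commit hook: True if anything was flagged."""
    return len(scan_source(text)) > 0


# Constructed sample "source file"; none of these values are real credentials.
SAMPLE_SOURCE = """\
import os

# hardcoded database password (constructed example value)
DB_PASSWORD = "correct-horse-battery"
# hardcoded cloud access key id (constructed, not a real credential)
AWS_KEY = "AKIAEXAMPLEEXAMPLE00"
# hardened form: the secret is read from the environment at runtime
API_TOKEN = os.environ["API_TOKEN"]
# ordinary string literal, should not be flagged
GREETING = "hello world"
# no keyword, but a long high-entropy literal (constructed)
SIGNING_MATERIAL = "x9Qf2LmZ8pRt4VbN6yHs1KwE3aJc"
"""

if __name__ == "__main__":
    for lineno, kind, snippet in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {snippet}")
```

Run against the sample it flags lines 4, 6 and 12 and leaves the `os.environ` line and the plain greeting alone. Wiring a check like this into CI, so that a commit containing a flagged literal fails the pipeline, is what removes the "hardcoded secrets" payoff from a source-code theft; the entropy fallback is what catches keys that are not wrapped in a recognisable variable name, at the cost of occasional false positives on long identifiers.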
Having source code can make it easier for a threat actor to find vulnerabilities, Johannes Ullrich, director of research at the SANS Institute, said in an interview. But, he added, exploiting them depends on how good Okta is at scanning its code before making products live. “If they do their due diligence, the attacker should not have any easier time finding vulnerabilities than Okta has.”