Okta has completed its analysis of the March 2022 incident that saw the Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack – and that its (former) outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident.
So said Brett Winterford, Asia-Pacific and Japan chief security officer of the identity-management-as-a-service vendor, at the Gartner Risk and Security Summit in Sydney today.
Winterford explained that the incident started in January when an Okta analyst observed a Sitel support engineer attempting to reset a password. The attempt came from outside the expected network range, the engineer did not attempt to fulfil a multifactor authentication challenge, and the request asked for the new login details to be sent to a Sitel email address managed under Microsoft 365 rather than the expected Okta address managed under Google Workspaces. Okta can see what happens in the virtual desktops it provides to Sitel engineers, and in the Workspaces it provides to those engineers. But Okta cannot see Sitel’s MS365.