The company reported an increase in the number of attacks on the Customer Identity Cloud.
Okta reported an increase in the number of credential stuffing attacks on its proprietary cloud-based Customer Identity Cloud (CIC) platform. The attacks are primarily aimed at vulnerabilities in cross-origin authentication.
Suspicious activity began on April 15, 2024. Okta promptly notified customers who had this feature enabled, but did not disclose the exact number of victims.
Credential stuffing is a type of cyber attack in which attackers attempt to log in to online services using an existing list of usernames and passwords obtained from previous data leaks, phishing attacks, or malware.
Okta recommends that users check their logs for unexpected login events, such as failed cross-origin authentication (fcoa), successful cross-origin authentication (scoa), and password leaks (pwd_leak). The company also advises changing credentials and restricting or disabling cross-origin authentication.
The company's customers are likely to have been exposed to a credential stuffing attack, regardless of whether they use this type of authentication, if scoa or fcoa events are present in the event logs and there is an increase in failed login attempts.
Other measures to mitigate the impact of attacks include enabling password leak detection or Credential Guard, banning the use of weak passwords, and implementing passwordless authentication methods that are resistant to phishing, using new standards such as passkeys.
Okta has previously warned about the growing frequency and scale of credential stuffing attacks on online services that are supported using local proxy services.
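The log check described above can be scripted. The following is an added example, not Okta's code: it counts fcoa, scoa and pwd_leak events in exported tenant logs and flags source IPs that fail against many accounts. The record keys (type, date, ip, user_name), the threshold and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

WATCHED = {"fcoa", "scoa", "pwd_leak"}  # event codes named in the text above

def triage(log_lines, fail_threshold=3):
    """Count watched events and flag source IPs that look like stuffing.
    Assumed record shape: one JSON object per line with the keys
    type, date, ip, user_name. fail_threshold is an example value."""
    events = []
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(ev, dict) and ev.get("type") in WATCHED and "date" in ev:
            events.append(ev)
    # Order by time so a success is only compared with earlier failures.
    events.sort(key=lambda ev: datetime.fromisoformat(ev["date"].replace("Z", "+00:00")))

    counts, findings = Counter(), []
    failed_users = defaultdict(set)  # ip -> distinct usernames that failed
    for ev in events:
        kind, ip, user = ev["type"], ev.get("ip", "?"), ev.get("user_name", "?")
        counts[kind] += 1
        if kind == "fcoa":
            failed_users[ip].add(user)
        elif kind == "scoa" and len(failed_users[ip]) >= fail_threshold:
            findings.append(("success_after_failures", ip, user))
        elif kind == "pwd_leak":
            findings.append(("leaked_password", ip, user))
    for ip, users in failed_users.items():
        if len(users) >= fail_threshold:
            findings.append(("many_accounts_failed", ip, len(users)))
    return counts, findings

# Constructed sample records (documentation IP ranges, invented users).
SAMPLE = [
    '{"type":"fcoa","date":"2024-04-16T10:00:01Z","ip":"203.0.113.7","user_name":"alice"}',
    '{"type":"fcoa","date":"2024-04-16T10:00:02Z","ip":"203.0.113.7","user_name":"bob"}',
    '{"type":"fcoa","date":"2024-04-16T10:00:03Z","ip":"203.0.113.7","user_name":"carol"}',
    '{"type":"scoa","date":"2024-04-16T10:00:04Z","ip":"203.0.113.7","user_name":"dave"}',
    '{"type":"scoa","date":"2024-04-16T10:05:00Z","ip":"198.51.100.20","user_name":"erin"}',
    '{"type":"pwd_leak","date":"2024-04-16T10:06:00Z","ip":"198.51.100.20","user_name":"frank"}',
    '{"type":"s","date":"2024-04-16T10:07:00Z","ip":"198.51.100.20","user_name":"erin"}',
    'not json',
]
```

A success_after_failures finding marks the account to review first, since it is a login that succeeded from an address that had just failed against several other accounts.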