Hackers are getting smarter, and phishing is becoming more sophisticated. Most employees know that when an email arrives from a random address, rife with misspellings and demanding credentials or other private data, it’s absolutely a phishing scam. But what if, as an employee, you got a text asking you to update your Okta credentials? What if the link took you to a domain that looked just like your Okta login?
Those are the kinds of questions employees are going to have to start answering, and be on the lookout for, as phishing attempts get more advanced. Just last month that Okta scenario played out for employees of two major companies.
How This Domain Hack Happened
This summer, two major companies — a two-factor authentication provider and a content delivery network — fell victim to a phishing scheme that involved fake domains of Okta login pages.
While it’s unclear how the bad actors got hold of the phone numbers of multiple employees at both companies, they texted those employees with messages disguised as official company communications. The texts contained an Okta link. When employees clicked it, they were taken to a page on a look-alike domain that was identical to the Okta login page. If an employee entered their Okta credentials, those credentials were forwarded to the bad actors over a Telegram chat, effectively granting them access to systems without the employee ever knowing what had happened.
One of the companies disclosed that an unknown number of employees were affected; the other stated that while employees did fall for the scam, its use of a hardware two-factor authentication system prevented a breach.
What This Hack Says About Phishing Scams
The logistics of this hack are a worst-case scenario for an employer. This attack was sophisticated, inconspicuous, and, in the case of the two-factor authentication company, successful. So, what can organizations learn from this attack to keep their employees from becoming the next target?
1. Multi-factor authentication (MFA) is crucial for protecting access.
MFA is defined as two or more verification factors that are required to gain access. MFA is at its best when those factors come from different mediums, as Cloudflare highlighted with the hardware key it mandates in addition to Okta. If an organization is relying on Okta alone for MFA, or lacks MFA altogether, this phishing attempt showed how easily any domain can be mimicked, and the usual “did you just try to log in?” prompt Okta provides wouldn’t appear until after the credentials had already been entered. And as we’ve seen, the risk of attacks on MFA has been growing.
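To make the “different mediums” point concrete, here is an added illustration, not from the article and not Okta’s or Cloudflare’s code, of why a hardware key bound to the site’s origin defeats a look-alike domain even when the phisher relays everything else. It assumes the key follows the FIDO2/WebAuthn model, uses placeholder domains, and stands in an HMAC for the key’s real asymmetric signature.

```python
import hashlib
import hmac
import json

# Constructed placeholders: the real login domain and a phishing look-alike.
REAL_RP_ID = "sso.example"
REAL_ORIGIN = "https://sso.example"
LOOKALIKE_ORIGIN = "https://sso-example.com"


def rp_id_for(origin: str) -> str:
    """The browser derives the RP ID from the page that asked for the
    assertion, never from anything that page claims about itself."""
    return origin.split("://", 1)[1].split("/", 1)[0]


def make_assertion(origin: str, challenge: str, key: bytes) -> dict:
    """Hardware-key side: sign over the browser-supplied RP ID hash and the
    client data (which records the origin). HMAC stands in for the signature."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    auth_data = hashlib.sha256(rp_id_for(origin).encode()).digest()
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(key, signed, hashlib.sha256).digest()
    return {"client_data": client_data, "auth_data": auth_data, "sig": sig}


def verify_assertion(assertion: dict, challenge: str, key: bytes) -> bool:
    """Relying-party side: origin, RP ID hash, challenge and signature must all match."""
    cd = json.loads(assertion["client_data"])
    if cd.get("origin") != REAL_ORIGIN or cd.get("challenge") != challenge:
        return False
    if assertion["auth_data"] != hashlib.sha256(REAL_RP_ID.encode()).digest():
        return False
    signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["sig"])


def login_succeeds(page_origin: str) -> bool:
    """Simulate a login where the page the user is on may be the phisher's.
    The phisher relays the real challenge to its page and forwards the result;
    a password or one-time code would survive that relay, this assertion does not."""
    key = b"per-credential secret (constructed)"
    challenge = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # constructed; real RPs use fresh random bytes
    assertion = make_assertion(page_origin, challenge, key)
    return verify_assertion(assertion, challenge, key)
```

`login_succeeds(REAL_ORIGIN)` returns True, while `login_succeeds(LOOKALIKE_ORIGIN)` returns False because both the recorded origin and the RP ID hash name the phisher’s domain, not the real one.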
2. Phishing not only continues to be popular — it’s evolving.
Obtaining phone numbers, crafting believable text messages, and then creating a fake of a well-trusted site takes a lot of work and resources, but the payoff is clearly worth it to attackers. It would be surprising if this were the only instance of this kind of attack to make headlines. According to Verizon’s 2022 Data Breach Investigations Report, 82% of breaches involve the human element, and phishing was the second most common kind of attack. The first? Credential theft (which, of course, can be achieved through phishing).
3. Your Security Awareness Program (SAP) may be falling short.
As attacks increase and attack vectors evolve, making sure your employees are prepared for the threats around them becomes more and more important. If your organization trains employees only once a year, and only on the more basic attack vectors, employees could be missing swaths of information they need to stay safe and keep the business secure. This attack is a wake-up call for organizations to evaluate what their SAPs look like and whether they include proven measures like micro-learning, phishing simulations, and updated content on new attack vectors.
While strong cybersecurity policies and documented practices are critical for fending off various forms of phishing attacks, they are not the only solution needed, especially as these kinds of phishing attacks increase in frequency and sophistication.
To learn more about how ongoing security awareness programs can empower employees to better defend themselves, see Arctic Wolf Managed Security Awareness ®.