Joshua from Beyond Identity takes us through the massive phishing attack targeting Okta users, codenamed 0ktapus.
This attack bypassed these Okta users' one-time code-based MFA and specifically targeted Okta accounts, as the attackers knew they could get around these Okta defenses. According to Group-IB, the attackers targeted employees of these companies. These employees
As a result, CISA’s new guidance emphasizes the need for phishing-resistant MFA that does not rely on phishable factors like one-time codes, SMS, email magic links, or passwords.
29 Sep 2024