In light of the recent wave of attacks by the financially motivated threat actor Octo Tempest, also known as 0ktapus, Scattered Spider, and UNC3944, we understand the growing concern felt by security professionals in every industry. Octo Tempest, with its broad social engineering campaigns, adversary-in-the-middle (AiTM) techniques, and SIM-swapping capabilities, represents a significant threat to organizations globally. Their evolving campaigns for financial extortion have targeted a wide range of industries, from hospitality and gaming to technology and financial services.
Octo Tempest specifically targets Okta customers and has mastered techniques to exploit unfortunate customer information disclosures from passive DNS and search engine indexing of Okta login pages. They have also developed methods to bypass legacy multi-factor authentication (MFA) in Okta environments, leveraging this access to initiate financial extortion campaigns.
Given the situation, we felt the need to release a free, open source tool set called the Okta Defense Kit to help security and identity professionals identify and prevent security vulnerabilities that have led to recent Okta breaches. Our tool set stands out as a necessary response to the evolving tactics, techniques, and procedures employed by threat actors like Octo Tempest and currently includes:
Okta Session Analyzer
This tool provides a turnkey assessment of breaches that fully preserves privacy. It identifies and alerts on indicators of compromise (IOCs) tied to security vulnerabilities, the same vulnerabilities that led to recent Okta breaches, so you can both prevent breaches and diagnose whether you have been impacted by an Okta breach.
HAR File Sanitizer
This tool removes sensitive information from HAR files. Session tokens being shared in HAR files led to a recent breach discovered first by BeyondTrust and Cloudflare. While Okta recommends sanitized HAR files, they provide no tooling, requirements, or mechanisms to actually protect their customers from attackers exploiting HAR files.
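The redaction described above, as an added Python example; it is not Beyond Identity's HAR File Sanitizer or code from the Okta Defense Kit. The name pattern, the choice to redact every cookie and message body, and the sample HAR are assumptions constructed for illustration.

```python
import copy
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Assumed, deliberately broad pattern for secret-bearing header/parameter names.
SENSITIVE = re.compile(r"auth|cookie|token|session|secret|passw|code|key", re.I)

def scrub_pairs(pairs, redact_all=False):
    # HAR stores headers, cookies and params as lists of {"name", "value"} objects.
    for pair in pairs or []:
        if redact_all or SENSITIVE.search(pair.get("name", "")):
            pair["value"] = REDACTED

def scrub_url(url):
    """Redact sensitive query parameters embedded in the request URL itself."""
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return a deep copy of a parsed HAR with credentials and bodies redacted."""
    clean = copy.deepcopy(har)
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        if "url" in req:
            req["url"] = scrub_url(req["url"])
        scrub_pairs(req.get("queryString"))
        for msg in (req, resp):
            scrub_pairs(msg.get("headers"))
            scrub_pairs(msg.get("cookies"), redact_all=True)
        post = req.get("postData") or {}
        scrub_pairs(post.get("params"))
        # Bodies can carry credentials in any encoding, so drop them wholesale.
        for body in (post, resp.get("content") or {}):
            if "text" in body:
                body["text"] = REDACTED
    return clean

# Constructed sample: one entry leaking a session cookie and a token in the URL.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?sessionToken=constructed-123&tab=home",
                "headers": [{"name": "Cookie", "value": "sid=constructed-abc"}],
                "cookies": [{"name": "sid", "value": "constructed-abc"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=constructed-def"}],
                 "content": {"text": "<html>constructed</html>"}}}]}}

if __name__ == "__main__":
    print(json.dumps(sanitize_har(SAMPLE_HAR), indent=2))
```

The same secret appears in three places in one entry (the `Cookie` header, the parsed `cookies` array, and the URL query string), so a sanitizer that only strips headers leaves a usable session behind.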
At Beyond Identity, we are committed to upholding the highest standards of security and transparency. Our Okta Defense Kit empowers you to take control of your digital security by proactively assessing your exposure to breaches while remaining privacy preserving.
Stay tuned as we continue to develop and enhance our suite of security tools, which will be available in the coming weeks. These tools will provide you with the necessary resources to safeguard your Okta digital landscape effectively.
You can access the Okta Defense Kit here. If you have questions or want to discuss security best practices to defend your Okta environments, book some time directly with one of our security architects.