The 21st AusCERT conference opened with a testimonial for how kindness shapes a better world and ended with a plea for better understanding of how unkind threat actors target organisations and individuals.
Former sportswoman Kath Koschel kicked off proceedings with why she established the Kindness Factory, a global movement that inspired more than four million people to ‘pay it forward’.
Having twice had her back broken, which cruelled her dream to play elite cricket, she faced losing her leg, was told she may never walk again, and lost the love of her life.
She overcame adversity by challenging herself and others to be kind.
“Feeling gratitude and not expressing it is like buying your best friend a birthday present, wrapping up putting a bow on it, and then throwing it in the cupboard and never actually giving it to them.
“Who are you grateful for? Have you told them?”
Koschel’s story of resilience struck a chord with security professionals who daily face their own adversities and adversaries in malicious threat actors.
As part of its wellbeing commitment, AusCERT, the not-for-profit cyber emergency response team at the University of Queensland hosting the annual conference on the Gold Coast, had mental health professionals on site to counsel delegates who may be struggling with job and life pressures.
Behind the scenes of the Lapsus$ attack targeting Okta
Acknowledging the toll that malicious actors had on him and his team recently, Brett Winterford, regional security officer for Okta, vivisected the recent Lapsus$ attack that was initially feared to have compromised hundreds of the vendor's customers.
In a brutally frank post-incident assessment, Winterford acknowledged the identity and access management vendor could have been more aggressive with a helpdesk partner that was the attack vector.
The attack by the Lapsus$ hacker group between January 16 and January 21 this year was feared to have compromised 366 Okta customers.
But after review, Okta identified that the attack through a thin client device owned by the third party helpdesk partner lasted 25 minutes and impacted two customers.
It is understood that hackers piggybacked flaws in the third party’s infrastructure to gain limited access to Okta’s systems before technical controls locked them out.
Although Okta managed its own investigations speedily and satisfactorily, Winterford said, communications with its partner were an impediment to informing customers sooner.
Adding to Okta’s headaches, the hackers had a track record of breaching big corporates, lending credence to claims that were subsequently disproved.
“It was always going to result in headlines given the given the role Okta plays for our customers. On a technical level, this event had near zero impact,” Winterford said.
“But that doesn't mean it didn't have a massive impact. It had a very big impact on our customers; it caused a lot of inconvenience and anxiety.
"A great deal of our customers were pretty unimpressed with our response. [The] disappointing part is that it should have been a really good story for Okta; our technology controls frustrated and inhibited this threat actor considerably.”
Closing the lid on the incident, Winterford laid out a playbook for how Okta will soon manage, mitigate and respond to such attacks in future:
- Third party risk management – “We're going to more actively audit and verify the security posture of our third parties.”
- Access to customer support systems – “We’ll insist on support partners [such as helpdesks] making full use of the Okta Identity Cloud and phishing-resistant factors [with log access]. This means we’ll probably work with smaller entities because we can't dictate terms to the big ones.”
- Customer communications – Okta will implement new processes for communicating security and availability issues.
- Live up to our values – “We’ve committed all this to an action plan [and independent forensics report] that we sent out to our customers and that we’ll be executing in the next few weeks.”
“We're going to have real-time visibility of device-related events. We're going to make sure that we have the [system] logs we need to respond,” Winterford said.
AusCERT22 runs this week on the Gold Coast. Brett Winterford is a former iTnews editor.
