Alert essentials:

Okta is warning customers to step up their phishing defenses due to increased attacks from threat actors impersonating its support team.


Detailed threat description:

Bad actors often target identity solutions to gain access to an organization’s systems. Awareness is heightened this year as attackers change their tactics and phishing attempts have more than doubled. Phishing is a cyberattack in which attackers use fraudulent communications that appear legitimate to deceive people into revealing sensitive information or installing malware.

These attacks exploit social engineering tactics and can result in unauthorized access to systems, financial fraud, data breaches, and loss of customer trust, ultimately affecting the organization’s bottom line and operational integrity.

Email-based attacks surged more than threefold in the second half of 2024, driven by increasingly sophisticated phishing techniques and the use of AI to craft convincing, targeted messages.

Attackers exploit advanced phishing kits and zero-day links that evade traditional security controls, allowing malicious content to reach inboxes undetected.

Recent upticks in support-themed phishing attacks are not slowing down, and Okta warned customers of increased social engineering attempts to impersonate its support team.

Be advised that if Okta does reach out, the following channels will be utilized:

  • +1 415-915-9255
  • Okta Support phone calls vary by region:
    • In North America, from +1 800-219-0964 or +1 855-243-9894
    • In APAC, from +61 1800 951 247
    • In EMEA, from +44 808 169 7176
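A help-desk or SOC can turn the channel list above into an allowlist check for inbound "Okta Support" contacts. The helper below is an added example, not Okta's or Fortified's code; it normalizes caller-ID strings (dashes, parentheses, "00" international prefixes) before comparing them against the numbers listed above, and the sample call log is constructed.

```python
import re

# The channels Okta says it uses, exactly as listed in this alert.
OKTA_SUPPORT_NUMBERS = {
    "+1 415-915-9255": "Okta Support",
    "+1 800-219-0964": "Okta Support phone (North America)",
    "+1 855-243-9894": "Okta Support phone (North America)",
    "+61 1800 951 247": "Okta Support phone (APAC)",
    "+44 808 169 7176": "Okta Support phone (EMEA)",
}


def normalize(number: str) -> str:
    """Reduce a caller-ID string to international digits only.

    A leading '00' international prefix is dropped. A bare 10-digit number
    with no '+' is assumed to be North American (+1); that assumption is
    specific to this helper, not something the alert states.
    """
    digits = re.sub(r"\D", "", number)
    if digits.startswith("00"):
        digits = digits[2:]
    if len(digits) == 10 and not number.strip().startswith("+"):
        digits = "1" + digits
    return digits


_ALLOWLIST = {normalize(n): label for n, label in OKTA_SUPPORT_NUMBERS.items()}


def classify_contact(caller_id: str) -> dict:
    """Return 'listed' with the matching channel, or 'unlisted'."""
    digits = normalize(caller_id)
    if digits in _ALLOWLIST:
        return {"caller_id": caller_id, "verdict": "listed", "channel": _ALLOWLIST[digits]}
    return {"caller_id": caller_id, "verdict": "unlisted", "channel": None}


def triage(calls: list[str]) -> list[dict]:
    """Classify every caller ID in a log; 'unlisted' entries deserve a callback check."""
    return [classify_contact(c) for c in calls]


# Constructed sample caller-ID log (not real data).
SAMPLE_CALLS = [
    "+1 (800) 219-0964",   # listed NA number, different formatting
    "0061 1800 951 247",   # listed APAC number with 00 prefix
    "+1 415-555-0100",     # shares an area code with the list but is unlisted
    "+44 20 7946 0000",    # unlisted UK number
]

if __name__ == "__main__":
    for result in triage(SAMPLE_CALLS):
        print(result)
```

Caller ID can be spoofed, so a "listed" verdict is a necessary check, not proof: staff should still end the call and phone back through a known support channel before sharing anything.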

Impacts on healthcare organizations:

A successful phishing campaign against a hospital can have severe consequences, including disruption of healthcare services, financial losses, and reputation damage.

The case of Anthem Inc. illustrates the potential scale of damage. A phishing attack led to a breach affecting 78.8 million members, resulting in fines and settlements totaling over $179 million.

Healthcare facilities can improve defenses against phishing attacks by using phishing simulations to help staff recognize and report suspicious emails. Organizations can also implement multi-factor authentication, continuously reinforce best practices, and create policies that prioritize cybersecurity.


Recommendations

Engineering recommendations:

  • Update software frequently
  • Look for recognizable signs of an attempt, such as urgency and manipulation of an emotional response
    • Social engineering attackers may use time-sensitive situations and/or a narrative to provoke an emotional response and coerce impulsive decisions
  • One of the most apparent indicators is a message with poor sentence structure, improper grammar, and incorrect spelling
    • The layout, including the formatting of the message, is irregular
    • It should be noted that with the emergence of AI technology, spelling and grammar errors are not always obvious or even present
  • Unsolicited email or SMS messages, including attachments or links, should be verified before opening, especially if the messaging involves a sense of urgency
  • Deploy an endpoint protection tool
  • Use MFA in your professional and personal lives


Leadership/Program recommendations:

  • Phishing awareness training will teach your employees what to look for and what to do if they suspect a phishing attack is underway
  • According to research from Proofpoint published in 2022, 80% of organizations said phishing awareness training reduced their employees’ susceptibility to attacks
  • Reinforce the awareness training with a simulated phishing attack
    • These show employees what a phishing attempt would look like in the real world and how to apply the theory they’ve learned
  • Implement payment verification policies so multiple people must approve an invoice before wiring funds and that payments are only made via approved channels
  • Reduce your attack surface by embracing the Zero Trust concept of “least privilege access”
  • Adopt next-generation identity technologies like passkeys that support password-less and phishing-resistant user experiences with continuous threat protection

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.


References: