According to Okta, a well-known and reputable identity and authentication management provider, various customers have reported a consistent pattern of social engineering attacks targeting IT service desk personnel.
The caller convinces service desk personnel to reset all Multi-Factor Authentication (MFA) factors enrolled by highly privileged users. The attacker then leverages highly privileged Super Admin accounts to abuse legitimate features and impersonate users.
Lesson learned: Even IT personnel need continuous awareness training and reminders! Always validate whether the requester is authorized to make such changes, especially to user accounts.
#PinedaCyberSecurity #CyberSecurity #CyberSecurityPH #DataProtection #CyberAwareness #ProtectYourPrivacy #DataPrivacyPH #MultiFactorAuthentication