• Microsoft hacked? What’s OKTA?

    The security buzz today is all about two related events. First off, the reports are that source code from Microsoft’s Bing search engine, Bing Maps and the Cortana virtual assistant was obtained and dumped out for all to see.

    First off, I typically don’t panic on these “source code” leaks. It doesn’t mean that Bing is now insecure. Rather, it just means that, like open source software, more people can look at it and POTENTIALLY find vulnerabilities. Doesn’t mean they WILL, just that it’s been exposed to more eyeballs. What is more interesting (concerning?) to me is HOW this group was able to gain access. I’m more interested in the how of an attack than the what. “Microsoft is investigating”. Yeah. I bet they are. I feel sorry for the investigation team that now has to comb through log files.

    Next, the bigger “oh dear” of the day is that this same group, called Lapsus$ and out of Brazil, was able to obtain access to one of the support personnel for the OKTA single sign-on authentication software for enterprises. Lapsus$ is also the group that has stolen source code from Nvidia, Samsung and Ubisoft, among others. The OKTA CEO is saying that this event is related to an event in January where an engineer got “popped” and compromised.

    So… while the timing may make you think this is related to yesterday’s White House announcement regarding possible Russian cyber attacks, it doesn’t appear to be a direct cause and effect.

    But that said, in light of yesterday’s statement what should you and I do?

    Well if you weren’t doing this stuff before, it may be already too late… but here’s my list:

    1. BACKUP.  Oh, you aren’t doing this now?  You should have been doing this for YEARS already and be expert at this.
    2. Password review and multi-factor where you can.  I don’t want you to run out and immediately change all of your passwords because that would most likely cause you to choose really bad ones as a result. Don’t just change passwords for change’s sake. But certainly look at those services and sites that are your high risk ones like banking and financial. Is THAT password unique? Passphrase? For banks (that are always the slowest to upgrade to new authentication) can you at least ensure some sort of two factor mechanism? Stop reusing passwords and get a password storing solution (either a paper journal and write them down or a solution like LastPass, KeePass, etc).
    3. Ensure that March updates are installed at this time. Updates for Windows, Apple and Chromebook should all be deployed now.
    4. Review if your router was patched in this century (just kidding, but kinda seriously). If you can’t remember the last time your router got a firmware update it may be time to consider a new router?

    As always, if you have any questions, either post in the comments to this post or head on over to the CyberSecurity for Home users forum.

    Needless to say we will be discussing these topics and more in the AskWoody Newsletter.

    P.S. Black Hills Information Security will be doing a webcast on YouTube at 4:30 p.m. Eastern time (now).