Microsoft, Okta, and HubSpot, three large software businesses, all revealed data breaches in late March. DEV-0537 (aka LAPSUS$), a criminal group that employs crude but tried-and-true assault methodologies, was responsible for the first two occurrences.
Furthermore, hostile actors are always refining and improving their attack strategies, forcing businesses to continuously evaluate and prioritize SaaS security. Robust passwords and SSO solutions are insufficient; businesses must implement additional security measures such as strong MFA, IP address allow lists, and restricting undesired access by using authorization and authentication tools like strongDM, among other things, to ensure corporate network security.
Security teams can use automated solutions like SaaS Security Posture Management (SSPM) to deal with these concerns. The following is a review of the three breaches based on publicly available data, as well as suggested practices for businesses to prevent being harmed by such assaults.
Microsoft leak: MFA has a gap
The Microsoft security team said on March 22 that it had been attacked by DEV-0537. Theft of one of Microsoft’s accounts is said to have resulted in source code theft and release. Microsoft could not explain how the leak occurred, but it did caution customers that the criminal group LAPSUS$ was actively recruiting personnel from telecommunications, well-known software companies, contact centers, and other industries to share login information.
Okta leak: Privileged users lack device security
Sitel Group subcontracts some of Okta’s customer support services. On Jan. 21, Okta security team members were notified that Sitel Group employee accounts had received a fresh multi-factor authentication from a new site.
Someone used the Remote Desktop Protocol to break into the computer of a Sitel engineer, according to an inquiry. The engineer doesn’t have authorization to create or delete users, and he doesn’t have permission to download the customer database because he has limited access to the system. Because he has limited access to client data, the impact on Okta consumers will be minimal.
HubSpot Leak: Employee Information Leaked
HubSpot reported a leak on March 18, 2022, on March 21, 2022. The hackers obtained account information used by a HubSpot employee to assist clients, then gained access to other HubSpot privileged accounts and exported contact information.
One of the ramifications of these attacks is the importance of enterprise cloud backup. When an attacker uses a privileged account to access SaaS applications from a compromised device, even the most secure SaaS systems can be hacked. For comprehensive virtual machine protection, businesses should choose backup solutions that combine device security posture with SaaS security.