Commit 10_24_2023: Stuff we Okta know


Welcome to Commit 10_24_2023! README senior editor Nathaniel Mott here with your twice-weekly serving of steaming-hot cybersecurity news.

TechCrunch: Okta breach leads to 1Password, Cloudflare incidents

Okta’s assurances that a recent breach was limited to its “support case management system” might not be as reassuring as originally believed. TechCrunch today reported that 1Password and Cloudflare suffered follow-on breaches in between the Okta hack and the company’s public disclosure of the incident.

That’s because the support case management system reportedly included “browser recording sessions that can contain sensitive user credentials, such as cookies and session tokens, which if stolen can allow hackers to impersonate user accounts.” Still not quite as devastating as it would’ve been if Okta’s service itself had been compromised, but clearly enough for the hackers to gain initial access to other companies’ networks.

BC: ‘Twas a record month for ransomware

It’s the most wonderful time of the year! Wait, no, that is the winter holiday. Turns out it’s a stressful time of year for defenders, with BleepingComputer reporting that September was a record month for ransomware incidents, thanks to a whopping 514 attacks tallied up by NCC Group. (And those are just the attacks the company knows about; how many others might have happened without it being any the wiser?)

BleepingComputer noted that this means 2023 is on track to be a record year for ransomware. All I’m wondering is, if so many organizations remain susceptible to these attacks despite year after year after year of public reporting on how they’re carried out and why it’s past time for everyone to lock down their networks, are we on track for every successive year to be a record-setting year for ransomware?

The Record: Railroad cyber regulations keep on chuggin’

The Record today reported that the Transportation Security Administration (TSA)—everyone’s favorite government agency—has “renewed cybersecurity directives for passenger and freight railroad carriers that were set to expire.” The directives were introduced in October 2021 and have been renewed in one-year increments since; they’ll come up for renewal again in October 2024 as well.

These directives require the rail industry to “test parts of their cybersecurity incident response plans every year, submit annual updated cybersecurity assessment plans to TSA and report on the effectiveness of the efforts,” among other things, The Record said.

The Register: Former NSA worker pleads guilty to attempting to sell secrets

Calling Jareh Sebastian Dalke a former NSA worker might actually be somewhat charitable—he only worked for the agency for a month before attempting to sell classified information to Russia. Apparently that wasn't long enough for Dalke to learn much about operational security, because he was actually in contact with the FBI, and he was arrested when he agreed to meet up at a time and place of his contact’s choosing rather than arranging a dead-drop under his own conditions. 

The Register today reported that Dalke has now pleaded guilty to six counts of violating the Espionage Act. His plea deal is supposed to cap his sentence at 262 months (which is down from the maximum of life in prison) and he’s set to be sentenced in April 2024. In the meantime, he should serve as a useful example of how not to sell U.S. secrets to foreign countries.