Vishing attacks on Okta identity systems, in which attackers simply call the victim or an IT help desk and convince them to weaken or reset multi-factor authentication (MFA), have increased.

In an April 13 blog post, LevelBlue researchers said once Okta is compromised via vishing, the attackers gain access to an enterprise’s SaaS systems via single sign-on (SSO), which leads to the exfiltration of SharePoint, OneDrive, Salesforce, and Google Workspace data.

The LevelBlue researchers explained that as part of the attack, the threat actors aim to get the victim or help desk to reset MFA, enroll a new authenticator device, provide one-time passcodes, disclose passwords, or reset Okta credentials...
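A detection-side view of the sequence described above, as an added example that is not from LevelBlue or the article: it correlates an MFA or password reset performed by another account with a new factor enrollment and SSO into several apps shortly afterwards. The event type names are Okta System Log types; the flat record layout, the one-hour window, the two-app threshold and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Okta System Log event types matching the actions the article lists.
RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate",
                "user.account.reset_password"}
ENROLL_EVENT, SSO_EVENT = "user.mfa.factor.activate", "user.authentication.sso"

def ts(event):
    return datetime.fromisoformat(event["published"])

def find_reset_then_sso(events, window=timedelta(hours=1), min_apps=2):
    """Flag users whose MFA or password was reset by another account, who then
    enrolled a new factor and opened >= min_apps SSO apps inside `window`."""
    by_user, findings = {}, []
    for e in sorted(events, key=ts):
        by_user.setdefault(e["user"], []).append(e)
    for user, evs in by_user.items():
        for i, reset in enumerate(evs):
            # Self-service resets are skipped; the pattern is a help-desk reset.
            if reset["eventType"] not in RESET_EVENTS or reset["actor"] == user:
                continue
            later = [e for e in evs[i + 1:] if ts(e) - ts(reset) <= window]
            enrolled = [e for e in later if e["eventType"] == ENROLL_EVENT]
            if not enrolled:
                continue
            apps = sorted({e["app"] for e in later if e["eventType"] == SSO_EVENT
                           and ts(e) >= ts(enrolled[0])})
            if len(apps) >= min_apps:
                findings.append({"user": user, "reset_by": reset["actor"],
                                 "reset_at": reset["published"], "apps": apps})
                break  # one finding per user is enough for triage
    return findings

def ev(hhmm, event_type, actor, user, app=None):
    # Constructed sample record; the flat field layout is an assumption.
    return {"published": f"2025-01-01T{hhmm}:00+00:00", "eventType": event_type,
            "actor": actor, "user": user, "app": app}

HELPDESK, ALICE, BOB = "helpdesk@example.com", "alice@example.com", "bob@example.com"
SAMPLE = [
    ev("09:00", "user.mfa.factor.reset_all", HELPDESK, ALICE),
    ev("09:04", ENROLL_EVENT, ALICE, ALICE),
    ev("09:06", SSO_EVENT, ALICE, ALICE, "Salesforce"),
    ev("09:07", SSO_EVENT, ALICE, ALICE, "SharePoint"),
    ev("10:00", "user.account.reset_password", BOB, BOB),  # self-service
    ev("10:01", ENROLL_EVENT, BOB, BOB),
    ev("10:02", SSO_EVENT, BOB, BOB, "Salesforce"),
    ev("10:03", SSO_EVENT, BOB, BOB, "Google Workspace"),
]
```

Calling `find_reset_then_sso(SAMPLE)` returns one finding, for the account whose factors were reset by the help-desk account; the self-service reset is not flagged.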