Several unsuccessful Okta login attempts for a user
Description
AlphaSOC detected multiple failed Okta login attempts for a user. This pattern may indicate a potential brute force attack where threat actors attempt to gain unauthorized access to an Okta account by trying different password combinations.
Impact
Repeated failed login attempts could lead to account lockout, disrupting legitimate user access. If the attack succeeds, attackers would gain access to applications and resources associated with the compromised Okta account, potentially leading to data breaches, unauthorized access to sensitive information, and lateral movement within the infrastructure.
Severity
Severity | Condition |
---|---|
Low | Several unsuccessful Okta login attempts for a user |
Investigation and Remediation
Review Okta System Logs to identify the source IP addresses, user agents, and timing patterns of the failed login attempts. If the activity appears suspicious, verify your multi-factor authentication settings and consider blocking the source IP addresses involved. Monitor the account for any successful authentications following the failed attempts and review access logs for applications integrated with Okta to check for any unauthorized access.
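The review described above can be scripted over exported System Log events. The following is an added example, not AlphaSOC's detection logic: it assumes failed logins appear as `user.session.start` events with `outcome.result` set to `FAILURE`, and the threshold of 5 failures in 10 minutes and the sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse_ts(value):
    # Okta publishes ISO 8601 UTC timestamps such as 2024-05-01T10:00:00.000Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage_failed_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Summarise failed-login bursts per user and any success that follows them."""
    per_user = defaultdict(list)
    for ev in events:
        if ev.get("eventType") == "user.session.start":  # assumed login event type
            per_user[ev["actor"]["alternateId"]].append(ev)
    findings = {}
    for user, evs in per_user.items():
        evs.sort(key=lambda e: parse_ts(e["published"]))
        fails = [e for e in evs if e["outcome"]["result"] == "FAILURE"]
        times = [parse_ts(e["published"]) for e in fails]
        burst, start = 0, 0  # largest failure count inside any sliding window
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst < threshold:
            continue
        fail_ips = {e["client"]["ipAddress"] for e in fails}
        findings[user] = {
            "failures": len(fails),
            "burst": burst,
            "source_ips": sorted(fail_ips),
            "user_agents": sorted({e["client"]["userAgent"]["rawUserAgent"] for e in fails}),
            # (time, ip, ip_also_seen_failing) for each success after the first failure
            "success_after_failures": [
                (e["published"], e["client"]["ipAddress"], e["client"]["ipAddress"] in fail_ips)
                for e in evs
                if e["outcome"]["result"] == "SUCCESS" and parse_ts(e["published"]) > times[0]],
        }
    return findings

def _event(user, ts, result, ip, ua):
    # Constructed sample record carrying only the fields read above
    return {"eventType": "user.session.start", "published": ts,
            "actor": {"alternateId": user}, "outcome": {"result": result},
            "client": {"ipAddress": ip, "userAgent": {"rawUserAgent": ua}}}

# Constructed sample: six failures for one user from two IPs, then a success
SAMPLE = [_event("alice@example.com", f"2024-05-01T10:0{i}:00.000Z", "FAILURE",
                 "203.0.113.10" if i % 2 else "198.51.100.7", "python-requests/2.31")
          for i in range(6)]
SAMPLE.append(_event("alice@example.com", "2024-05-01T10:07:00.000Z", "SUCCESS",
                     "203.0.113.10", "python-requests/2.31"))
SAMPLE.append(_event("bob@example.com", "2024-05-01T10:01:00.000Z", "FAILURE",
                     "192.0.2.44", "Mozilla/5.0"))
```

A non-empty `success_after_failures` list is the case to escalate first, especially when the successful login came from an IP that also produced failures.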