惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LINUX DO - 最新话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Forbes - Security
Forbes - Security
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Jina AI
Jina AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
V
V2EX
Stack Overflow Blog
Stack Overflow Blog
Engineering at Meta
Engineering at Meta
PCI Perspectives
PCI Perspectives
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
WordPress大学
WordPress大学
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
P
Privacy International News Feed
IT之家
IT之家
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Check Point Blog
美团技术团队
Security Latest
Security Latest
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
MyScale Blog
MyScale Blog
H
Help Net Security
宝玉的分享
宝玉的分享
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
The Cloudflare Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
I
InfoQ
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog

Okta Security RSS Feed

Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
Defensive Domain Registration is a Mug’s Game
John Murphy · 2024-04-03 · via Okta Security RSS Feed

Summary: The time and effort spent on defensive domain registration would be better invested in writing phishing-resistant authentication policies.

Today I want to make the case that registering domains for the sole purpose of protecting against phishing is tackling the phishing problem from the wrong angle. It is, to use a very British idiom, a “mug’s game”: an effort that’s unlikely to yield much success. Most organizations register additional domains based on various permutations of their primary production domain. Sometimes domains are registered to deter potential competitors, and the registrations are aimed at protecting their brand from trademark infringement. Increasingly, we see organizations acquiring domains to deter attackers from registering domains used in social engineering campaigns.

Once you get started on the latter, the pertinent question becomes how many permutations on your domain you’re willing to invest in. Where do you stop?

There is a stronger case to be made for registering key domains that help to catch emails gone awry (the inevitable “fat finger” errors). In the grand scheme of things, domains are cheap.

But once we start considering defensive domain registrations, the value of every subsequent registration diminishes. By using a tool like dnstwist, you can very quickly see how big the game of whack-a-mole could be. With a 4 character domain name, dnstwist generates over 1000 domains. If you multiply this against additional brands and common phishing keywords (support, login, helpdesk, etc), the scope of the problem easily explodes by orders of magnitude.

Conservatively, registering all these domains could easily cost $100k+ per year. Even after you’ve expended this effort, adversaries can always always find yet more permutations of your domain (or the services your users are familiar with) that you haven’t considered. And at the end of the day, registering those domains hasn’t moved the security needle one bit: we have merely expended scarce budget on a few surmountable hurdles for an attacker to side-step.

Let’s just eliminate the phishing problem?

Writing in this blog, my colleagues and I have implored Okta customers to embrace phishing-resistant factors like Okta FastPass and FIDO2 WebAuthn, for a number of good reasons.

Preventative controls are nearly always far more desirable than compensating controls. FastPass or WebAuthn can essentially eliminate phishing attacks that target user authentication. The same can’t be said for defensive domain registrations. The TL;DR is that phishing resistant methods of authentication cannot be phished the same way legacy factors like passwords, and basic MFA (OTP, SMS, etc) can, because they are scoped - that is, authentication is cryptographically tied - to the origin. In other words, a phishing-resistant factor will never authenticate to a domain that it was not enrolled in, even if the user has been tricked into visiting a malicious site.

Not only is this an effective security control, the user experience is far better than a password or any combination of legacy factors. As described in the Secure Sign-in Trends Report, phishing-resistant factors including FastPass and WebAuthn are;

  • Faster to enroll

  • Faster to use

  • Fail less often

  • Are not susceptible to brute-force attacks

  • Inherently more secure (Phishing-resistant)

  • Able to satisfy multiple factor requirements with a single user action (Biometric + Possession)

How can I start using FastPass?

Assuming you’re using Okta Identity Engine (OIE), FastPass is already available to you. If you’re still on Okta Classic, this is another great excuse to take the free upgrade to OIE.

Here are some resources I recommend to help you get started:

If your Workforce org is licensed for Adaptive MFA, I’d also recommend this cheeky rule that packs a lot of punch. An attacker that has stolen user credentials and/or a session cookie will almost always sign in from a New Device and a New IP address. With Okta Expression Language, we can force authentication attempts from New Devices and New IPs to prompt for phishing-resistant factors:

Making all user authentication flows phishing-resistant should be the north star for user identity. And Okta isn’t the only team offering guidance on this. If you need some impartial evidence, try:

It’s time to take the phishing-resistant plunge, and Okta is here to help.

John leads the EMEA node of Okta's Detection and Response Engineering team.

His team develops detections and supplementary automations to protect Okta from threat actors, which in turn inform our rotational response and threat hunting missions.