Okta Policy Rule Modification or Deletion
2 rules 1 TTP
An Okta policy rule was modified or deleted, potentially weakening security controls.
Linux Service Stop and Disable Detection
3 rules 2 TTPs
Attackers may halt or disable security services on Linux systems to evade defenses, maintain persistence, or disrupt operations. The activity is detected through the use of utilities like 'systemctl', 'service', and 'chkconfig'.
Azure Network Firewall Policy Modification or Deletion
3 rules
An adversary may modify or delete Azure Network Firewall Policies to impair defenses and potentially impact network security.
Adversaries Disabling Important Scheduled Tasks
2 rules 1 TTP
Adversaries disable crucial scheduled tasks, such as those related to BitLocker, Windows Defender, System Restore and Windows Update, using schtasks.exe to disrupt services and potentially facilitate data destruction or ransomware deployment.
System Restore Disabled via Registry Modification
1 rule 1 TTP
Attackers may attempt to disable system restore via registry modifications through the command line to prevent recovery after malicious activity.
Okta Unauthorized Application Access Attempt
3 rules
This brief describes a detection for unauthorized application access attempts within an Okta environment, which may indicate a potential security breach or misconfiguration.
Okta Policy Modification or Deletion Detected
2 rules 1 TTP
An Okta policy was modified or deleted, potentially indicating unauthorized changes to security configurations within the Okta identity management platform by a malicious actor or insider.
Deletion of Critical Scheduled Tasks
2 rules 1 TTP
Adversaries delete critical scheduled tasks, such as those related to BitLocker, ExploitGuard, System Restore, Windows Defender, and Windows Update, to disrupt security measures and enable data destruction.