Security News > 2021 > January > CISA: Hackers bypassed MFA to access cloud service accounts
The US Cybersecurity and Infrastructure Security Agency said today that threat actors bypassed multi-factor authentication protocols to compromise cloud service accounts.
While threat actors tried gaining access to some of their targets' cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA enabled.
The agency also observed attackers using initial access gained after phishing employee credentials to phish other user accounts within the same organization by abusing what looked like the organization's file hosting service to host their malicious attachments.
The attacks CISA refers to have regularly targeted employees who used company-provided or personal devices while accessing their organizations' cloud services from home.
CISA's advisory contains measures organizations can take to strengthen their cloud security configurations and block attacks targeting their cloud services.
A National Security Agency advisory from December 2020 also warned of hackers forging cloud authentication info to gain access to targets' cloud resources.