Security News > 2021 > January > CISA: Hackers bypassed MFA to access cloud service accounts
The US Cybersecurity and Infrastructure Security Agency said today that threat actors bypassed multi-factor authentication authentication protocols to compromise cloud service accounts.
While threat actors tried gaining access to some of their targets' cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA authentication enabled.
The agency also observed attackers using initial access gained after phishing employee credentials to phish other user accounts within the same organization by abusing what looked like the organization's file hosting service to host their malicious attachments.
The attacks CISA refers to have regularly targeted employees who used company-provided or personal devices while accessing their organizations' cloud services from home.
CISA's advisory contains measures organizations can take to strengthen their cloud security configurations and block attacks targeting their cloud services.
A National Security Agency advisory from December 2020 also warned of hackers forging cloud authentication info to gain access to targets' access cloud resources.
News URL
Related news
- Scattered Spider hackers switch focus to cloud apps for data theft (source)
- Hackers abused API to verify millions of Authy MFA phone numbers (source)
- CloudSorcerer hackers abuse cloud services to steal Russian govt data (source)
- PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (source)